Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 5.3.2Report Generated On : Wed, 28 Oct 2020 17:18:37 +0800Dependencies Scanned : 1878 (331 unique)Vulnerable Dependencies : 56 Vulnerabilities Found : 245Vulnerabilities Suppressed : 0... NVD CVE Checked : 2020-10-28T17:18:19NVD CVE Modified : 2020-10-28T13:01:30VersionCheckOn : 2020-10-13T01:03:29Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies HdrHistogram-2.1.6.jarDescription:
HdrHistogram supports the recording and analyzing sampled data value
counts across a configurable integer value range with configurable value
precision within the range. Value precision is expressed as the number of
significant digits in the value recording, and provides control over value
quantization behavior across the value range and the subsequent value
resolution at any given level.
License:
Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/ File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/HdrHistogram-2.1.6.jar
MD5: 565bf21a1fec0dc39e8b9d5eb0642344
SHA1: 7495feb7f71ee124bd2a7e7d83590e296d71d80e
SHA256: 1d44b3a32d268aa453ee7a9bb89650dfccb159a3160df49d92f299f2b72e9988
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.hdrhistogram Medium Vendor jar package name hdrhistogram Highest Vendor file name HdrHistogram High Vendor pom url http://hdrhistogram.github.io/HdrHistogram/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest bundle-symbolicname org.hdrhistogram.HdrHistogram Medium Vendor pom groupid hdrhistogram Highest Vendor pom artifactid HdrHistogram Low Vendor pom name HdrHistogram High Product pom artifactid HdrHistogram Highest Product jar package name hdrhistogram Highest Product file name HdrHistogram High Product Manifest Implementation-Title HdrHistogram High Product Manifest bundle-symbolicname org.hdrhistogram.HdrHistogram Medium Product Manifest specification-title HdrHistogram Medium Product pom url http://hdrhistogram.github.io/HdrHistogram/ Medium Product Manifest Bundle-Name HdrHistogram Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name version Highest Product pom groupid hdrhistogram Highest Product pom name HdrHistogram High Version pom version 2.1.6 Highest Version Manifest Bundle-Version 2.1.6 High Version Manifest Implementation-Version 2.1.6 High Version file version 2.1.6 High
Related Dependencies HdrHistogram-2.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/HdrHistogram-2.1.6.jar MD5: 565bf21a1fec0dc39e8b9d5eb0642344 SHA1: 7495feb7f71ee124bd2a7e7d83590e296d71d80e SHA256: 1d44b3a32d268aa453ee7a9bb89650dfccb159a3160df49d92f299f2b72e9988 HdrHistogram-2.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/HdrHistogram-2.1.6.jar MD5: 565bf21a1fec0dc39e8b9d5eb0642344 SHA1: 7495feb7f71ee124bd2a7e7d83590e296d71d80e SHA256: 1d44b3a32d268aa453ee7a9bb89650dfccb159a3160df49d92f299f2b72e9988 HdrHistogram-2.1.9.jarDescription:
HdrHistogram supports the recording and analyzing sampled data value
counts across a configurable integer value range with configurable value
precision within the range. Value precision is expressed as the number of
significant digits in the value recording, and provides control over value
quantization behavior across the value range and the subsequent value
resolution at any given level.
License:
Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/ File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/HdrHistogram-2.1.9.jar
MD5: ee302e5e7489719991aa0ca2dd67febd
SHA1: e4631ce165eb400edecfa32e03d3f1be53dee754
SHA256: 95d40913be28dfd439cefea9170c40898ea84f11f25e6ff8de50339b8a7b5e3e
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.hdrhistogram Medium Vendor jar package name hdrhistogram Highest Vendor file name HdrHistogram High Vendor pom url http://hdrhistogram.github.io/HdrHistogram/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest bundle-symbolicname org.hdrhistogram.HdrHistogram Medium Vendor pom groupid hdrhistogram Highest Vendor pom artifactid HdrHistogram Low Vendor pom name HdrHistogram High Product pom artifactid HdrHistogram Highest Product jar package name hdrhistogram Highest Product file name HdrHistogram High Product Manifest Implementation-Title HdrHistogram High Product Manifest bundle-symbolicname org.hdrhistogram.HdrHistogram Medium Product Manifest specification-title HdrHistogram Medium Product pom url http://hdrhistogram.github.io/HdrHistogram/ Medium Product Manifest Bundle-Name HdrHistogram Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name version Highest Product pom groupid hdrhistogram Highest Product pom name HdrHistogram High Version Manifest Bundle-Version 2.1.9 High Version pom version 2.1.9 Highest Version file version 2.1.9 High Version Manifest Implementation-Version 2.1.9 High
accessors-smart-1.1.jarDescription:
Java reflect give poor performance on getter setter an constructor calls,
accessors-smart use ASM to speed up those calls.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/accessors-smart-1.1.jar
MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82
SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08
SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5
Evidence Type Source Name Value Confidence Vendor file name accessors-smart High Vendor jar package name minidev Highest Vendor pom artifactid accessors-smart Low Vendor pom name ASM based accessors helper used by json-smart High Vendor Manifest bundle-symbolicname net.minidev.accessors-smart Medium Vendor Manifest bundle-docurl http://www.minidev.net/ Low Vendor jar package name net Highest Vendor pom groupid net.minidev Highest Vendor pom parent-artifactid minidev-parent Low Vendor jar package name asm Highest Product file name accessors-smart High Product jar package name minidev Highest Product Manifest Bundle-Name accessors-smart Medium Product pom name ASM based accessors helper used by json-smart High Product Manifest bundle-symbolicname net.minidev.accessors-smart Medium Product Manifest bundle-docurl http://www.minidev.net/ Low Product pom parent-artifactid minidev-parent Medium Product jar package name net Highest Product jar package name asm Highest Product pom groupid net.minidev Highest Product pom artifactid accessors-smart Highest Version Manifest Bundle-Version 1.1 High Version file version 1.1 High Version pom parent-version 1.1 Low Version pom version 1.1 Highest
Related Dependencies accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 accessors-smart-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/accessors-smart-1.1.jar MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82 SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08 SHA256: e6e04753913546da3ff0fbf532ac2831d0266f69246b1e6e295ba367aa9f02a5 activation-1.1.jarDescription:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256: 2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3
Evidence Type Source Name Value Confidence Vendor jar package name activation Highest Vendor jar package name activation Low Vendor pom name JavaBeans Activation Framework (JAF) High Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor jar (hint) package name oracle Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor jar package name javax Low Vendor pom url http://java.sun.com/products/javabeans/jaf/index.jsp Highest Vendor pom artifactid activation Low Vendor jar package name sun Highest Vendor central groupid javax.activation Highest Vendor jar package name javax Highest Vendor Manifest extension-name javax.activation Medium Vendor file name activation High Vendor pom groupid javax.activation Highest Product central artifactid activation Highest Product pom artifactid activation Highest Product pom url http://java.sun.com/products/javabeans/jaf/index.jsp Medium Product jar package name activation Highest Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium Product jar package name activation Low Product jar package name javax Highest Product Manifest extension-name javax.activation Medium Product file name activation High Product pom groupid javax.activation Highest Product pom name JavaBeans Activation Framework (JAF) High Version Manifest Implementation-Version 1.1 High Version file version 1.1 High Version pom version 1.1 Highest Version central version 1.1 Highest
Related Dependencies activation-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/activation-1.1.jar MD5: 8ae38e87cd4f86059c0294a8fe3e0b18 SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50 SHA256: 2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3 aliyun-sdk-oss-2.5.0.jarDescription:
The Aliyun OSS SDK for Java used for accessing Aliyun Object Storage Service License:
: File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/aliyun-sdk-oss-2.5.0.jar
MD5: 59f4f207d393f0440757235c8107deca
SHA1: 917f16c768386d88a1fce029b7751c802bb49245
SHA256: 1d0f293bc07221418e074e6217de8cb6e9fb67c441ee13d981ee98b6f44744b3
Evidence Type Source Name Value Confidence Vendor pom name Aliyun OSS SDK for Java High Vendor pom url http://www.aliyun.com/product/oss Highest Vendor jar package name oss Highest Vendor pom groupid aliyun.oss Highest Vendor jar package name oss Low Vendor file name aliyun-sdk-oss High Vendor jar package name aliyun Highest Vendor pom artifactid aliyun-sdk-oss Low Vendor jar package name aliyun Low Product pom name Aliyun OSS SDK for Java High Product jar package name oss Highest Product pom url http://www.aliyun.com/product/oss Medium Product pom groupid aliyun.oss Highest Product jar package name oss Low Product file name aliyun-sdk-oss High Product jar package name aliyun Highest Product pom artifactid aliyun-sdk-oss Highest Version file version 2.5.0 High Version pom version 2.5.0 Highest
android-json-0.0.20131108.vaadin1.jarDescription:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
This is the org.json compatible Android implementation extracted from the Android SDK
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/android-json-0.0.20131108.vaadin1.jar
MD5: 10612241a9cc269501a7a2b8a984b949
SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f
SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79
Evidence Type Source Name Value Confidence Vendor pom groupid vaadin.external.google Highest Vendor pom name JSON library from Android SDK High Vendor Manifest Implementation-Vendor Google High Vendor pom artifactid android-json Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor file name android-json High Vendor pom url http://developer.android.com/sdk Highest Vendor jar package name json Low Vendor jar package name json Highest Vendor Manifest implementation-url http://developer.android.com/sdk Low Vendor central groupid com.vaadin.external.google Highest Vendor Manifest bundle-symbolicname org.json Medium Product pom groupid vaadin.external.google Highest Product central artifactid android-json Highest Product pom name JSON library from Android SDK High Product Manifest Bundle-Name json-android Medium Product jar package name json Highest Product Manifest implementation-url http://developer.android.com/sdk Low Product pom url http://developer.android.com/sdk Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product file name android-json High Product Manifest bundle-symbolicname org.json Medium Product pom artifactid android-json Highest Version central version 0.0.20131108.vaadin1 Highest Version pom version 0.0.20131108.vaadin1 Highest Version Manifest Bundle-Version 0.0.20131108.vaadin1 High Version Manifest Implementation-Version 0.0.20131108.vaadin1 High
Related Dependencies android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 android-json-0.0.20131108.vaadin1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/android-json-0.0.20131108.vaadin1.jar MD5: 10612241a9cc269501a7a2b8a984b949 SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f SHA256: dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79 annotations-2.0.0.jarDescription:
Annotation supports the FindBugs tool License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/annotations-2.0.0.jar
MD5: 14a4ebc50afb20e9520fe502d231809d
SHA1: d8dff1d83a79f0c0609c360f02bcd2f2fc1f1369
SHA256: 09b0ceef7b47b39c916ed4e0e6121ecdcdb4d2538f5a479fee387146f7bc67c1
Evidence Type Source Name Value Confidence Vendor central groupid com.google.code.findbugs Highest Vendor pom name FindBugs-Annotations High Vendor jar package name annotation Low Vendor file name annotations High Vendor jar package name javax Low Vendor pom artifactid annotations Low Vendor Manifest bundle-symbolicname findbugsAnnotations Medium Vendor pom url http://findbugs.sourceforge.net/ Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.5 Low Vendor pom groupid google.code.findbugs Highest Product central artifactid annotations Highest Product pom artifactid annotations Highest Product pom name FindBugs-Annotations High Product jar package name annotation Low Product file name annotations High Product Manifest Bundle-Name FindbugsAnnotations Medium Product Manifest bundle-symbolicname findbugsAnnotations Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.5 Low Product pom url http://findbugs.sourceforge.net/ Medium Product pom groupid google.code.findbugs Highest Version Manifest Bundle-Version 2.0.0 High Version central version 2.0.0 Highest Version pom version 2.0.0 Highest Version file version 2.0.0 High
archaius-core-0.6.0.jarDescription:
archaius-core developed by Netflix License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/archaius-core-0.6.0.jar
MD5: 68406596c9e0e246e5454dab85186352
SHA1: 1ecb29ef5d4c0c98cae35d1038fd980688eab5f9
SHA256: 6e262737ee105ab704a3c66df790627ba698add65f5b18ce64b7569caadeaaad
Evidence Type Source Name Value Confidence Vendor pom name archaius-core High Vendor file name archaius-core High Vendor jar package name netflix Low Vendor jar package name config Low Vendor pom artifactid archaius-core Low Vendor central groupid com.netflix.archaius Highest Vendor pom groupid netflix.archaius Highest Vendor pom url Netflix/archaius Highest Product pom name archaius-core High Product file name archaius-core High Product jar package name config Low Product pom groupid netflix.archaius Highest Product pom artifactid archaius-core Highest Product pom url Netflix/archaius High Product central artifactid archaius-core Highest Version pom version 0.6.0 Highest Version file version 0.6.0 High Version central version 0.6.0 Highest
asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/asm-5.0.3.jarMD5: ccebee99fb8cdd50e1967680a2eac0baSHA1: dcc2193db20e19e1feca8b1240dbbc4e190824faSHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc
Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Low Vendor pom artifactid asm Low Vendor jar package name objectweb Highest Vendor pom groupid ow2.asm Highest Vendor pom name ASM Core High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor central groupid org.ow2.asm Highest Vendor Manifest bundle-docurl http://asm.objectweb.org Low Vendor jar package name objectweb Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom parent-artifactid asm-parent Low Vendor jar package name asm Highest Vendor pom parent-groupid org.ow2.asm Medium Vendor Manifest Implementation-Vendor France Telecom R&D High Product file name asm High Product jar package name asm Low Product jar package name objectweb Highest Product pom artifactid asm Highest Product Manifest Implementation-Title ASM High Product pom parent-artifactid asm-parent Medium Product pom groupid ow2.asm Highest Product pom name ASM Core High Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest Bundle-Name ASM Medium Product central artifactid asm Highest Product Manifest bundle-docurl http://asm.objectweb.org Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product jar package name asm Highest Product pom parent-groupid org.ow2.asm Medium Version Manifest Implementation-Version 5.0.3 High Version Manifest Bundle-Version 5.0.3 High Version file version 5.0.3 High Version pom version 5.0.3 Highest Version central version 5.0.3 Highest
Related Dependencies asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-5.0.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/asm-5.0.3.jar MD5: ccebee99fb8cdd50e1967680a2eac0ba SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa SHA256: 71c4f78e437b8fdcd9cc0dfd2abea8c089eb677005a6a5cff320206cc52b46cc asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/asm-debug-all-5.2.jarMD5: fe5f20404ccdee9769ef05dc4b47ba98SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e
Evidence Type Source Name Value Confidence Vendor pom name ASM Debug All High Vendor jar package name asm Low Vendor jar package name objectweb Highest Vendor file name asm-debug-all High Vendor pom groupid ow2.asm Highest Vendor pom artifactid asm-debug-all Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor central groupid org.ow2.asm Highest Vendor Manifest bundle-docurl http://asm.objectweb.org Low Vendor jar package name objectweb Low Vendor pom parent-artifactid asm-parent Low Vendor Manifest bundle-symbolicname org.objectweb.asm.all.debug Medium Vendor jar package name asm Highest Vendor pom parent-groupid org.ow2.asm Medium Vendor Manifest Implementation-Vendor France Telecom R&D High Product Manifest Bundle-Name ASM all classes with debug info Medium Product pom name ASM Debug All High Product jar package name asm Low Product central artifactid asm-debug-all Highest Product jar package name objectweb Highest Product file name asm-debug-all High Product pom parent-artifactid asm-parent Medium Product pom groupid ow2.asm Highest Product Manifest Implementation-Title ASM all classes with debug info High Product pom artifactid asm-debug-all Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-docurl http://asm.objectweb.org Low Product jar package name asm Highest Product Manifest bundle-symbolicname org.objectweb.asm.all.debug Medium Product pom parent-groupid org.ow2.asm Medium Version file version 5.2 High Version pom version 5.2 Highest Version Manifest Implementation-Version 5.2 High Version Manifest Bundle-Version 5.2 High Version central version 5.2 Highest
Related Dependencies asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e asm-debug-all-5.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/asm-debug-all-5.2.jar MD5: fe5f20404ccdee9769ef05dc4b47ba98 SHA1: 3354e11e2b34215f06dab629ab88e06aca477c19 SHA256: 254b82bec9da4f8efbc8b1f93ab2b87f7465227a82b36cf3d05d9e77a0e8dd2e aspectjweaver-1.8.9.jarDescription:
The AspectJ weaver introduces advices to java classes License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/aspectjweaver-1.8.9.jar
MD5: 304a51bce49f52a26bb79f3fd0b58325
SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7
SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf
Evidence Type Source Name Value Confidence Vendor pom groupid aspectj Highest Vendor jar package name weaver Highest Vendor jar package name weaver Low Vendor jar package name org Highest Vendor pom url http://www.aspectj.org Highest Vendor Manifest can-redefine-classes true Low Vendor Manifest specification-vendor aspectj.org Low Vendor pom name AspectJ weaver High Vendor Manifest Implementation-Vendor aspectj.org High Vendor jar package name aspectj Highest Vendor jar package name aspectj Low Vendor file name aspectjweaver High Vendor central groupid org.aspectj Highest Vendor Manifest name org/aspectj/weaver/ Medium Vendor pom artifactid aspectjweaver Low Product pom groupid aspectj Highest Product jar package name weaver Highest Product jar package name weaver Low Product central artifactid aspectjweaver Highest Product jar package name org Highest Product Manifest can-redefine-classes true Low Product pom name AspectJ weaver High Product pom url http://www.aspectj.org Medium Product Manifest specification-title AspectJ Weaver Classes Medium Product jar package name aspectj Highest Product file name aspectjweaver High Product pom artifactid aspectjweaver Highest Product Manifest name org/aspectj/weaver/ Medium Product Manifest Implementation-Title org.aspectj.weaver High Version pom version 1.8.9 Highest Version file version 1.8.9 High Version Manifest Implementation-Version 1.8.9 High Version central version 1.8.9 Highest
Related Dependencies aspectjweaver-1.8.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/aspectjweaver-1.8.9.jar MD5: 304a51bce49f52a26bb79f3fd0b58325 SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7 SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf aspectjweaver-1.8.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/aspectjweaver-1.8.9.jar MD5: 304a51bce49f52a26bb79f3fd0b58325 SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7 SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf aspectjweaver-1.8.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/aspectjweaver-1.8.9.jar MD5: 304a51bce49f52a26bb79f3fd0b58325 SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7 SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf aspectjweaver-1.8.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/aspectjweaver-1.8.9.jar MD5: 304a51bce49f52a26bb79f3fd0b58325 SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7 SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf assertj-core-2.6.0.jarDescription:
Rich and fluent assertions for testing License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/assertj-core-2.6.0.jar
MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2
SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad
SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b
Evidence Type Source Name Value Confidence Vendor file name assertj-core High Vendor pom name AssertJ fluent assertions High Vendor pom artifactid assertj-core Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid assertj Highest Vendor Manifest bundle-docurl joel-costigliola.github.io/assertj/index.html Low Vendor jar package name core Highest Vendor pom parent-artifactid assertj-parent-pom Low Vendor jar package name assertions Highest Vendor Manifest bundle-symbolicname org.assertj.core Medium Vendor pom parent-groupid org.assertj Medium Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor jar package name assertj Highest Product file name assertj-core High Product pom name AssertJ fluent assertions High Product Manifest Bundle-Name AssertJ fluent assertions Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid assertj-parent-pom Medium Product pom groupid assertj Highest Product Manifest bundle-docurl joel-costigliola.github.io/assertj/index.html Low Product jar package name core Highest Product jar package name index Highest Product jar package name assertions Highest Product jar package name filter Highest Product Manifest bundle-symbolicname org.assertj.core Medium Product pom parent-groupid org.assertj Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product jar package name assertj Highest Product pom artifactid assertj-core Highest Version file version 2.6.0 High Version pom version 2.6.0 Highest Version pom parent-version 2.6.0 Low Version Manifest Bundle-Version 2.6.0 High
Related Dependencies assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/assertj-core-2.6.0.jar MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2 SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad SHA256: d20c78593c85bd6efe7af2de8ea0b7f2e0288ca6076b52e584bad52188ec7c7b assertj-core-2.6.0.jar (shaded: cglib:cglib-nodep:3.2.4)File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/assertj-core-2.6.0.jar/META-INF/maven/cglib/cglib-nodep/pom.xmlMD5: 425b3e01685d013cbc5b431afc582104SHA1: 3d0aad1cd07c4754588acbdb8561e367e457cc1dSHA256: deae8511bfabe5cd0799c516446bc3a588f8ca82309df2cf55d01a0d75626102
Evidence Type Source Name Value Confidence Vendor pom groupid cglib Highest Vendor pom artifactid cglib-nodep Low Vendor pom parent-artifactid cglib-parent Low Product pom groupid cglib Highest Product pom parent-artifactid cglib-parent Medium Product pom artifactid cglib-nodep Highest Version pom version 3.2.4 Highest
assertj-core-2.6.0.jar (shaded: cglib:cglib:3.2.4)File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/assertj-core-2.6.0.jar/META-INF/maven/cglib/cglib/pom.xmlMD5: 072045d2914c647e8e37e8c4b387aaf0SHA1: 23e1de8e375b571cb6c40ef93f04578abc23dfcbSHA256: 6e31974a4cfc4e465d4133628f7fdd2ab69fbdb20d1dec27bfc24abd1078f741
Evidence Type Source Name Value Confidence Vendor pom groupid cglib Highest Vendor pom parent-artifactid cglib-parent Low Vendor pom artifactid cglib Low Product pom artifactid cglib Highest Product pom groupid cglib Highest Product pom parent-artifactid cglib-parent Medium Version pom version 3.2.4 Highest
aws-java-sdk-core-1.11.22.jarDescription:
The AWS SDK for Java - Core module holds the classes that is used by the individual service clients to interact with Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/aws-java-sdk-core-1.11.22.jarMD5: 89376ff44e3ba7cde45bb9b252e17797SHA1: 019b10c31a696728b449cfc66637b703370ddeffSHA256: e1cf8cf815ca584d590f5eff5645c01b1469b41bf9debd22757fb9341e2b6412
Evidence Type Source Name Value Confidence Vendor jar package name classes Highest Vendor pom url https://aws.amazon.com/sdkforjava Highest Vendor pom groupid amazonaws Highest Vendor pom parent-groupid com.amazonaws Medium Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor pom artifactid aws-java-sdk-core Low Vendor pom name AWS SDK for Java - Core High Vendor jar package name service Highest Vendor file name aws-java-sdk-core High Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Product jar package name classes Highest Product pom artifactid aws-java-sdk-core Highest Product pom groupid amazonaws Highest Product pom parent-artifactid aws-java-sdk-pom Medium Product pom parent-groupid com.amazonaws Medium Product pom name AWS SDK for Java - Core High Product jar package name service Highest Product file name aws-java-sdk-core High Product jar package name amazonaws Highest Product pom url https://aws.amazon.com/sdkforjava Medium Version pom version 1.11.22 Highest Version file version 1.11.22 High
aws-java-sdk-kms-1.11.22.jarDescription:
The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/aws-java-sdk-kms-1.11.22.jarMD5: 6b1b3b263e91d577c28fd93d590f0b54SHA1: f87e740fc468306ecd7dd73fdc386472fe6763d5SHA256: 08a29996c27e249269674ba16e333c202f899fff3aae640e574fab86bf4ef736
Evidence Type Source Name Value Confidence Vendor pom url https://aws.amazon.com/sdkforjava Highest Vendor jar package name services Low Vendor pom groupid amazonaws Highest Vendor pom parent-groupid com.amazonaws Medium Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Vendor jar package name kms Highest Vendor file name aws-java-sdk-kms High Vendor pom name AWS Java SDK for AWS KMS High Vendor pom artifactid aws-java-sdk-kms Low Vendor jar package name kms Low Product jar package name services Low Product pom groupid amazonaws Highest Product pom parent-artifactid aws-java-sdk-pom Medium Product pom parent-groupid com.amazonaws Medium Product jar package name amazonaws Highest Product pom url https://aws.amazon.com/sdkforjava Medium Product jar package name model Low Product jar package name kms Highest Product file name aws-java-sdk-kms High Product pom name AWS Java SDK for AWS KMS High Product pom artifactid aws-java-sdk-kms Highest Product jar package name kms Low Version pom version 1.11.22 Highest Version file version 1.11.22 High
aws-java-sdk-s3-1.11.22.jarDescription:
The AWS Java SDK for Amazon S3 module holds the client classes that are used for communicating with Amazon Simple Storage Service File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/aws-java-sdk-s3-1.11.22.jarMD5: 7c5bc60a2383f0b0fe48af0ab962b09aSHA1: 6bdd5b519df9f7d6106d1368d8c76bc724cd2703SHA256: 3d602d5ade35d967caf8cb5ac04d469b9b347602ccb8004ce3a04a5de4615bbe
Evidence Type Source Name Value Confidence Vendor pom url https://aws.amazon.com/sdkforjava Highest Vendor jar package name services Low Vendor pom groupid amazonaws Highest Vendor pom parent-groupid com.amazonaws Medium Vendor pom artifactid aws-java-sdk-s3 Low Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor file name aws-java-sdk-s3 High Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Vendor jar package name s3 Highest Vendor pom name AWS Java SDK for Amazon S3 High Vendor jar package name s3 Low Product jar package name services Low Product pom groupid amazonaws Highest Product pom parent-artifactid aws-java-sdk-pom Medium Product pom parent-groupid com.amazonaws Medium Product file name aws-java-sdk-s3 High Product jar package name amazonaws Highest Product pom artifactid aws-java-sdk-s3 Highest Product pom url https://aws.amazon.com/sdkforjava Medium Product jar package name model Low Product jar package name s3 Highest Product pom name AWS Java SDK for Amazon S3 High Product jar package name s3 Low Version pom version 1.11.22 Highest Version file version 1.11.22 High
aws-java-sdk-sts-1.11.22.jarDescription:
The AWS Java SDK for AWS STS module holds the client classes that are used for communicating with AWS Security Token Service File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/aws-java-sdk-sts-1.11.22.jarMD5: 66dd519c1963169fa01852d724bc4fe8SHA1: f849f3f89163708ba89353a31498503825ad1335SHA256: d54169233622e41f0e942107edae3e08da8ed52293db622d2a45107f376f6a06
Evidence Type Source Name Value Confidence Vendor pom url https://aws.amazon.com/sdkforjava Highest Vendor jar package name services Low Vendor pom groupid amazonaws Highest Vendor file name aws-java-sdk-sts High Vendor pom parent-groupid com.amazonaws Medium Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor pom artifactid aws-java-sdk-sts Low Vendor jar package name amazonaws Highest Vendor jar package name securitytoken Low Vendor pom name AWS Java SDK for AWS STS High Vendor jar package name amazonaws Low Product jar package name model Low Product pom artifactid aws-java-sdk-sts Highest Product jar package name services Low Product pom groupid amazonaws Highest Product pom parent-artifactid aws-java-sdk-pom Medium Product file name aws-java-sdk-sts High Product pom parent-groupid com.amazonaws Medium Product jar package name amazonaws Highest Product pom url https://aws.amazon.com/sdkforjava Medium Product jar package name securitytoken Low Product pom name AWS Java SDK for AWS STS High Version pom version 1.11.22 Highest Version file version 1.11.22 High
backport-util-concurrent-3.1.jarDescription:
Dawid Kurzyniec's backport of JSR 166 License:
Public Domain: http://creativecommons.org/licenses/publicdomain File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902
Evidence Type Source Name Value Confidence Vendor jar package name mathcs Low Vendor pom organization name Dawid Kurzyniec High Vendor pom organization url http://www.mathcs.emory.edu/~dawidk/ Medium Vendor pom name Backport of JSR 166 High Vendor file name backport-util-concurrent High Vendor jar package name emory Low Vendor pom url http://backport-jsr166.sourceforge.net/ Highest Vendor jar package name edu Low Vendor central groupid backport-util-concurrent Highest Vendor pom groupid backport-util-concurrent Highest Vendor pom artifactid backport-util-concurrent Low Product jar package name mathcs Low Product jar package name backport Low Product central artifactid backport-util-concurrent Highest Product pom url http://backport-jsr166.sourceforge.net/ Medium Product pom name Backport of JSR 166 High Product file name backport-util-concurrent High Product pom organization name Dawid Kurzyniec Low Product jar package name emory Low Product pom organization url http://www.mathcs.emory.edu/~dawidk/ Low Product pom groupid backport-util-concurrent Highest Product pom artifactid backport-util-concurrent Highest Version pom version 3.1 Highest Version central version 3.1 Highest Version file version 3.1 High
Related Dependencies backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 backport-util-concurrent-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/backport-util-concurrent-3.1.jar MD5: 748bb0cbf4780b2e3121dc9c12e10cd9 SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902 btf-1.2.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/btf-1.2.jar
MD5: 5c91cd1157e0bb99e77a33b6f42a457c
SHA1: 9e66651022eb86301b348d57e6f59459effc343b
SHA256: 38a380577a186718cb97ee8af58d4f40f7fbfdc23ff68b5f4b3c2c68a1d5c05d
Evidence Type Source Name Value Confidence Vendor central groupid com.github.fge Highest Vendor jar package name fge Low Vendor jar package name github Low Vendor pom groupid github.fge Highest Vendor file name btf High Vendor pom name null High Vendor pom artifactid btf Low Vendor jar package name fge Highest Vendor jar package name github Highest Vendor Manifest bundle-symbolicname com.github.fge.btf Medium Vendor pom url fge/btf Highest Product Manifest Bundle-Name btf Medium Product jar package name fge Low Product central artifactid btf Highest Product pom groupid github.fge Highest Product file name btf High Product pom artifactid btf Highest Product pom name null High Product pom url fge/btf High Product jar package name fge Highest Product jar package name github Highest Product Manifest bundle-symbolicname com.github.fge.btf Medium Version Manifest Bundle-Version 1.2 High Version file version 1.2 High Version central version 1.2 Highest Version pom version 1.2 Highest
cal10n-api-0.7.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cal10n-api-0.7.4.jarMD5: 80109109356c7bfbe6ca29c70d0655fcSHA1: 132b7e1702af0335cf4259d30aaf959264db688fSHA256: 7c6f270575a0cd69306dd6189f6ff29230fbd829f43306e5a7ae234eb6b25553
Evidence Type Source Name Value Confidence Vendor jar package name cal10n Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom groupid ch.qos.cal10n Highest Vendor pom name Compiler assisted localization library (CAL10N) - API High Vendor jar package name ch Highest Vendor Manifest bundle-symbolicname cal10n.api Medium Vendor pom artifactid cal10n-api Low Vendor file name cal10n-api High Vendor jar package name qos Highest Vendor pom parent-artifactid cal10n-parent Low Product pom groupid ch.qos.cal10n Highest Product pom name Compiler assisted localization library (CAL10N) - API High Product jar package name ch Highest Product Manifest bundle-symbolicname cal10n.api Medium Product Manifest Bundle-Name cal10n-api Medium Product jar package name cal10n Highest Product pom parent-artifactid cal10n-parent Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product file name cal10n-api High Product jar package name qos Highest Product pom artifactid cal10n-api Highest Product Manifest Implementation-Title cal10n-api High Version file version 0.7.4 High Version Manifest Bundle-Version 0.7.4 High Version Manifest Implementation-Version 0.7.4 High Version pom version 0.7.4 Highest
classmate-1.3.3.jarDescription:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/classmate-1.3.3.jar
MD5: 85986d1c6a2a58901ab1ca64ff4d8a50
SHA1: 864c8e370a691e343210cc7c532fc198cee460d8
SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.fasterxml Medium Vendor Manifest bundle-docurl http://github.com/cowtowncoder/java-classmate Low Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium Vendor Manifest specification-vendor fasterxml.com Low Vendor Manifest Implementation-Vendor fasterxml.com High Vendor pom organization url http://fasterxml.com Medium Vendor pom groupid fasterxml Highest Vendor pom name ClassMate High Vendor pom parent-artifactid oss-parent Low Vendor pom organization name fasterxml.com High Vendor jar package name classmate Highest Vendor pom url http://github.com/cowtowncoder/java-classmate Highest Vendor jar package name fasterxml Highest Vendor Manifest implementation-build-date 2016-09-28 05:24:11+0000 Low Vendor jar package name types Highest Vendor file name classmate High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid classmate Low Product pom parent-artifactid oss-parent Medium Product pom url http://github.com/cowtowncoder/java-classmate Medium Product Manifest Implementation-Title ClassMate High Product pom parent-groupid com.fasterxml Medium Product Manifest bundle-docurl http://github.com/cowtowncoder/java-classmate Low Product pom organization name fasterxml.com Low Product Manifest bundle-symbolicname com.fasterxml.classmate Medium Product pom organization url http://fasterxml.com Low Product Manifest Bundle-Name ClassMate Medium Product pom groupid fasterxml Highest Product pom name ClassMate High Product jar package name filter Highest Product jar package name classmate Highest Product jar package name fasterxml Highest Product Manifest implementation-build-date 2016-09-28 05:24:11+0000 Low Product jar package name types Highest Product file name classmate High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title ClassMate Medium Product pom artifactid classmate Highest Version Manifest Implementation-Version 1.3.3 High Version file version 1.3.3 High Version pom version 1.3.3 Highest Version pom parent-version 1.3.3 Low Version Manifest Bundle-Version 1.3.3 High
Related Dependencies classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classmate-1.3.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/classmate-1.3.3.jar MD5: 85986d1c6a2a58901ab1ca64ff4d8a50 SHA1: 864c8e370a691e343210cc7c532fc198cee460d8 SHA256: 607852e0e8d608183b6dba8e6064726ff4c7895e128196885fb5a2df481df344 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/classworlds-1.1-alpha-2.jarMD5: 82cacb7d9724c4a4e4d20f004884d4daSHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Codehaus Low Vendor Manifest Implementation-Vendor The Codehaus High Vendor pom artifactid classworlds Low Vendor Manifest extension-name classworlds Medium Vendor pom groupid classworlds Highest Vendor pom url http://classworlds.codehaus.org/ Highest Vendor central groupid classworlds Highest Vendor jar package name classworlds Highest Vendor jar package name classworlds Low Vendor jar package name codehaus Highest Vendor pom name classworlds High Vendor pom organization url http://codehaus.org/ Medium Vendor file name classworlds High Vendor jar package name codehaus Low Vendor pom organization name The Codehaus High Product Manifest extension-name classworlds Medium Product Manifest specification-title classworlds: Java(tm) ClassLoader Management Framework Medium Product pom groupid classworlds Highest Product pom organization url http://codehaus.org/ Low Product jar package name classworlds Highest Product jar package name classworlds Low Product jar package name codehaus Highest Product pom organization name The Codehaus Low Product Manifest Implementation-Title org.codehaus.classworlds High Product pom artifactid classworlds Highest Product pom name classworlds High Product file name classworlds High Product pom url http://classworlds.codehaus.org/ Medium Product central artifactid classworlds Highest Version pom version 1.1-alpha-2 Highest Version central version 1.1-alpha-2 Highest Version Manifest Implementation-Version 1.1-alpha-2 High
Related Dependencies classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 classworlds-1.1-alpha-2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/classworlds-1.1-alpha-2.jar MD5: 82cacb7d9724c4a4e4d20f004884d4da SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47 SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3 com.ibm.jbatch-tck-spi-1.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/com.ibm.jbatch-tck-spi-1.0.jarMD5: f476e385f602ee1e17a1d8306cce3c67SHA1: 8ac869b0a60bff1a15eba0fb6398942410396938SHA256: 8b1130444dc617596509ff4a8e9e99bd1d08a36569a60974968131edf8887d84
Evidence Type Source Name Value Confidence Vendor pom groupid ibm.jbatch Highest Vendor Manifest bundle-symbolicname com.ibm.jbatch-tck-spi Medium Vendor pom parent-groupid javax.batch Medium Vendor jar package name tck Highest Vendor pom parent-artifactid jbatch Low Vendor file name com.ibm.jbatch-tck-spi High Vendor jar package name ibm Highest Vendor jar package name spi Highest Vendor pom artifactid ibm.jbatch-tck-spi Low Vendor jar package name jbatch Highest Product pom groupid ibm.jbatch Highest Product Manifest bundle-symbolicname com.ibm.jbatch-tck-spi Medium Product pom parent-groupid javax.batch Medium Product jar package name tck Highest Product Manifest Bundle-Name com.ibm.jbatch-tck-spi Medium Product file name com.ibm.jbatch-tck-spi High Product jar package name ibm Highest Product jar package name spi Highest Product pom artifactid ibm.jbatch-tck-spi Highest Product jar package name jbatch Highest Product pom parent-artifactid jbatch Medium Version Manifest Bundle-Version 1.0 High Version file version 1.0 High Version pom version 1.0 Highest
commons-beanutils-1.9.3.jarDescription:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73
Evidence Type Source Name Value Confidence Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor jar package name apache Highest Vendor pom groupid commons-beanutils Highest Vendor Manifest bundle-symbolicname org.apache.commons.beanutils Medium Vendor jar package name beanutils Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-build tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 Low Vendor pom name Apache Commons BeanUtils High Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor file name commons-beanutils High Vendor jar package name commons Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-beanutils Low Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Apache Commons BeanUtils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Product jar package name apache Highest Product pom groupid commons-beanutils Highest Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest bundle-symbolicname org.apache.commons.beanutils Medium Product jar package name beanutils Highest Product pom artifactid commons-beanutils Highest Product Manifest implementation-build tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 Low Product pom name Apache Commons BeanUtils High Product Manifest specification-title Apache Commons BeanUtils Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product file name commons-beanutils High Product jar package name commons Highest Product pom parent-artifactid commons-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Version file version 1.9.3 High Version Manifest Implementation-Version 1.9.3 High Version Manifest Bundle-Version 1.9.3 High Version pom version 1.9.3 Highest Version pom parent-version 1.9.3 Low
Related Dependencies commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 commons-beanutils-1.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-beanutils-1.9.3.jar MD5: 4a105c9d029a7edc6f2b16567d37eab6 SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73 Published Vulnerabilities CVE-2019-10086 suppress
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
commons-codec-1.10.jarDescription:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569
Evidence Type Source Name Value Confidence Vendor pom name Apache Commons Codec High Vendor pom parent-groupid org.apache.commons Medium Vendor pom groupid commons-codec Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid commons-codec Low Vendor file name commons-codec High Vendor pom parent-artifactid commons-parent Low Vendor jar package name apache Highest Vendor jar package name encoder Highest Vendor jar package name codec Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor jar package name commons Highest Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product pom name Apache Commons Codec High Product pom parent-groupid org.apache.commons Medium Product Manifest Bundle-Name Apache Commons Codec Medium Product pom groupid commons-codec Highest Product file name commons-codec High Product jar package name apache Highest Product Manifest specification-title Apache Commons Codec Medium Product jar package name encoder Highest Product jar package name codec Highest Product pom url http://commons.apache.org/proper/commons-codec/ Medium Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product Manifest Implementation-Title Apache Commons Codec High Product pom artifactid commons-codec Highest Product jar package name commons Highest Product pom parent-artifactid commons-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Version file version 1.10 High Version pom version 1.10 Highest Version pom parent-version 1.10 Low Version Manifest Implementation-Version 1.10 High
Related Dependencies commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-codec-1.10.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 commons-collections-3.2.2.jarDescription:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/collections/ Highest Vendor jar package name apache Highest Vendor pom name Apache Commons Collections High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-collections Low Vendor file name commons-collections High Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor jar package name commons Highest Vendor pom groupid commons-collections Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor jar package name collections Highest Product Manifest implementation-url http://commons.apache.org/collections/ Low Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Apache Commons Collections High Product pom artifactid commons-collections Highest Product jar package name apache Highest Product pom name Apache Commons Collections High Product pom url http://commons.apache.org/collections/ Medium Product Manifest Bundle-Name Apache Commons Collections Medium Product file name commons-collections High Product Manifest specification-title Apache Commons Collections Medium Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product jar package name commons Highest Product pom groupid commons-collections Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product pom parent-artifactid commons-parent Medium Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product jar package name collections Highest Version pom version 3.2.2 Highest Version pom parent-version 3.2.2 Low Version file version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High
Related Dependencies commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections-3.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 commons-collections4-4.1.jarDescription:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom artifactid commons-collections4 Low Vendor jar package name apache Highest Vendor pom name Apache Commons Collections High Vendor jar package name collections4 Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid apache.commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.collections4 Medium Vendor file name commons-collections4 High Vendor jar package name commons Highest Vendor pom url http://commons.apache.org/proper/commons-collections/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Apache Commons Collections High Product jar package name apache Highest Product pom name Apache Commons Collections High Product jar package name collections4 Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Product pom groupid apache.commons Highest Product pom artifactid commons-collections4 Highest Product pom url http://commons.apache.org/proper/commons-collections/ Medium Product Manifest bundle-symbolicname org.apache.commons.collections4 Medium Product file name commons-collections4 High Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest specification-title Apache Commons Collections Medium Product jar package name commons Highest Product pom parent-artifactid commons-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Version Manifest Implementation-Version 4.1 High Version pom version 4.1 Highest Version file version 4.1 High Version pom parent-version 4.1 Low
Related Dependencies commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-collections4-4.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-collections4-4.1.jar MD5: 45af6a8e5b51d5945de6c7411e290bd1 SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5 commons-configuration-1.8.jarDescription:
Tools to assist in the reading of configuration/preferences files in
various formats
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-configuration-1.8.jar
MD5: a69448e8c1e24d989266083c301e354b
SHA1: 6cce40435bcd8018018f16898de01976b319941a
SHA256: e229cf1fe95f7147cbc1f8d31affc07087c206bc8dc7e5b05b6be670910f87ba
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor pom name Commons Configuration High Vendor Manifest bundle-symbolicname org.apache.commons.configuration Medium Vendor file name commons-configuration High Vendor Manifest implementation-build tags/CONFIGURATION_1_8RC1@r1236874; 2012-01-27 21:39:19+0100 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid commons-configuration Low Vendor pom parent-artifactid commons-parent Low Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://commons.apache.org/configuration/ Low Vendor pom url http://commons.apache.org/configuration/ Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid commons-configuration Highest Vendor jar package name commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name configuration Highest Product pom artifactid commons-configuration Highest Product pom parent-groupid org.apache.commons Medium Product pom name Commons Configuration High Product Manifest bundle-symbolicname org.apache.commons.configuration Medium Product Manifest Bundle-Name Commons Configuration Medium Product file name commons-configuration High Product Manifest implementation-build tags/CONFIGURATION_1_8RC1@r1236874; 2012-01-27 21:39:19+0100 Low Product Manifest specification-title Commons Configuration Medium Product jar package name apache Highest Product Manifest bundle-docurl http://commons.apache.org/configuration/ Low Product Manifest Implementation-Title Commons Configuration High Product pom groupid commons-configuration Highest Product jar package name commons Highest Product pom url http://commons.apache.org/configuration/ Medium Product pom parent-artifactid commons-parent Medium Product jar package name configuration Highest Version pom parent-version 1.8 Low Version pom version 1.8 Highest Version Manifest Implementation-Version 1.8 High Version file version 1.8 High
commons-digester-2.1.jarDescription:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name rules Highest Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor jar package name apache Highest Vendor jar package name digester Highest Vendor pom name Commons Digester High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid commons-digester Highest Vendor pom url http://commons.apache.org/digester/ Highest Vendor jar package name commons Highest Vendor pom artifactid commons-digester Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name commons-digester High Product pom url http://commons.apache.org/digester/ Medium Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product pom parent-groupid org.apache.commons Medium Product jar package name rules Highest Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product jar package name apache Highest Product jar package name digester Highest Product pom name Commons Digester High Product Manifest Bundle-Name Commons Digester Medium Product pom groupid commons-digester Highest Product jar package name commons Highest Product pom parent-artifactid commons-parent Medium Product Manifest Implementation-Title Commons Digester High Product file name commons-digester High Product Manifest specification-title Commons Digester Medium Product pom artifactid commons-digester Highest Version pom parent-version 2.1 Low Version file version 2.1 High Version pom version 2.1 Highest Version Manifest Implementation-Version 2.1 High Version Manifest Bundle-Version 2.1 High
Related Dependencies commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-digester-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d commons-httpclient-3.1.jarDescription:
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Evidence Type Source Name Value Confidence Vendor jar package name httpclient Low Vendor pom organization url http://jakarta.apache.org/ Medium Vendor pom groupid commons-httpclient Highest Vendor pom organization name Apache Software Foundation High Vendor jar package name apache Highest Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium Vendor jar package name commons Low Vendor file name commons-httpclient High Vendor jar package name apache Low Vendor pom artifactid commons-httpclient Low Vendor central groupid commons-httpclient Highest Vendor pom name HttpClient High Product jar package name httpclient Low Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium Product pom artifactid commons-httpclient Highest Product pom groupid commons-httpclient Highest Product jar package name apache Highest Product central artifactid commons-httpclient Highest Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium Product jar package name commons Low Product pom organization url http://jakarta.apache.org/ Low Product file name commons-httpclient High Product jar package name httpclient Highest Product pom organization name Apache Software Foundation Low Product jar package name commons Highest Product pom name HttpClient High Version pom version 3.1 Highest Version manifest: org/apache/commons/httpclient Implementation-Version 3.1 Medium Version central version 3.1 Highest Version file version 3.1 High
Related Dependencies commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-httpclient-3.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-httpclient-3.1.jar MD5: 8ad8c9229ef2d59ab9f59f7050e846a5 SHA1: 964cd74171f427720480efdec40a7c7f6e58426a SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443 commons-io-2.4.jarDescription:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
SHA256: cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400 Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/io/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom groupid commons-io Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest bundle-docurl http://commons.apache.org/io/ Low Vendor jar package name apache Highest Vendor pom name Commons IO High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name io Highest Vendor file name commons-io High Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor pom artifactid commons-io Low Vendor jar package name commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Product Manifest implementation-build tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400 Low Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Commons IO High Product pom groupid commons-io Highest Product Manifest bundle-docurl http://commons.apache.org/io/ Low Product Manifest Bundle-Name Commons IO Medium Product jar package name apache Highest Product pom name Commons IO High Product pom artifactid commons-io Highest Product jar package name io Highest Product file name commons-io High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product pom url http://commons.apache.org/io/ Medium Product jar package name commons Highest Product pom parent-artifactid commons-parent Medium Product Manifest specification-title Commons IO Medium Version file version 2.4 High Version pom version 2.4 Highest Version pom parent-version 2.4 Low Version Manifest Implementation-Version 2.4 High
Related Dependencies commons-io-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-io-2.4.jar MD5: 7f97854dc04c119d461fed14f5d8bb96 SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad SHA256: cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581 commons-io-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-io-2.4.jar MD5: 7f97854dc04c119d461fed14f5d8bb96 SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad SHA256: cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581 commons-io-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-io-2.4.jar MD5: 7f97854dc04c119d461fed14f5d8bb96 SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad SHA256: cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581 commons-io-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-io-2.4.jar MD5: 7f97854dc04c119d461fed14f5d8bb96 SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad SHA256: cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581 commons-lang-2.4.jarDescription:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom url http://commons.apache.org/lang/ Highest Vendor pom parent-artifactid commons-parent Low Vendor jar package name apache Highest Vendor pom artifactid commons-lang Low Vendor file name commons-lang High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name lang Highest Vendor jar package name commons Highest Vendor pom groupid commons-lang Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Commons Lang High Product pom parent-groupid org.apache.commons Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product jar package name apache Highest Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product file name commons-lang High Product pom artifactid commons-lang Highest Product jar package name lang Highest Product jar package name commons Highest Product Manifest Bundle-Name Commons Lang Medium Product pom groupid commons-lang Highest Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/lang/ Medium Product pom name Commons Lang High Version file version 2.4 High Version pom version 2.4 Highest Version pom parent-version 2.4 Low Version Manifest Bundle-Version 2.4 High Version Manifest Implementation-Version 2.4 High
Related Dependencies commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-lang-2.4.jar MD5: 237a8e845441bad2e535c57d985c8204 SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11 SHA256: 2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e commons-lang-2.5.jarDescription:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-lang-2.5.jar
MD5: ab04c560caea60d3b0050beb57776a32
SHA1: b0236b252e86419eef20c31a44579d2aee2f0a69
SHA256: a64e0c73988fef8d5b73fc29d105a3a6e2dc5d9b90a94fca065cd2439dc56590
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom url http://commons.apache.org/lang/ Highest Vendor pom parent-artifactid commons-parent Low Vendor jar package name apache Highest Vendor pom artifactid commons-lang Low Vendor file name commons-lang High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name lang Highest Vendor jar package name commons Highest Vendor pom groupid commons-lang Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Commons Lang High Product pom parent-groupid org.apache.commons Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product jar package name apache Highest Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product file name commons-lang High Product pom artifactid commons-lang Highest Product jar package name lang Highest Product jar package name commons Highest Product Manifest Bundle-Name Commons Lang Medium Product pom groupid commons-lang Highest Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/lang/ Medium Product pom name Commons Lang High Version pom parent-version 2.5 Low Version file version 2.5 High Version pom version 2.5 Highest Version Manifest Implementation-Version 2.5 High Version Manifest Bundle-Version 2.5 High
commons-lang3-3.4.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-lang3-3.4.jar
MD5: 8667a442ee77e509fbe8176b94726eb2
SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050
SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b
Evidence Type Source Name Value Confidence Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest implementation-build tags/LANG_3_4_RC2@r1671054; 2015-04-03 12:30:21+0000 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor jar package name apache Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid apache.commons Highest Vendor pom name Apache Commons Lang High Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Low Vendor file name commons-lang3 High Product Manifest Implementation-Title Apache Commons Lang High Product pom parent-groupid org.apache.commons Medium Product Manifest implementation-build tags/LANG_3_4_RC2@r1671054; 2015-04-03 12:30:21+0000 Low Product Manifest specification-title Apache Commons Lang Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product pom groupid apache.commons Highest Product pom name Apache Commons Lang High Product jar package name commons Highest Product jar package name lang3 Highest Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product pom parent-artifactid commons-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid commons-lang3 Highest Product file name commons-lang3 High Version pom version 3.4 Highest Version pom parent-version 3.4 Low Version file version 3.4 High Version Manifest Implementation-Version 3.4 High
Related Dependencies commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-lang3-3.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-lang3-3.4.jar MD5: 8667a442ee77e509fbe8176b94726eb2 SHA1: 5fe28b9518e58819180a43a850fbc0dd24b7c050 SHA256: 734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b commons-logging-1.0.4.jarDescription:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
The Apache Software License, Version 2.0: /LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-logging-1.0.4.jar
MD5: 8a507817b28077e0478add944c64586a
SHA1: f029a2aefe2b3e1517573c580f948caac31b1056
SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e
Evidence Type Source Name Value Confidence Vendor central groupid commons-logging Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor file name commons-logging High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name commons Low Vendor pom groupid commons-logging Highest Vendor pom name Logging High Vendor jar package name apache Low Vendor pom organization url http://jakarta.apache.org Medium Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor pom artifactid commons-logging Low Vendor Manifest extension-name org.apache.commons.logging Medium Vendor pom organization name The Apache Software Foundation High Vendor pom url http://jakarta.apache.org/commons/logging/ Highest Vendor jar package name logging Low Product file name commons-logging High Product jar package name impl Low Product pom artifactid commons-logging Highest Product pom organization name The Apache Software Foundation Low Product jar package name apache Highest Product jar package name commons Low Product pom groupid commons-logging Highest Product pom name Logging High Product central artifactid commons-logging Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest extension-name org.apache.commons.logging Medium Product pom url http://jakarta.apache.org/commons/logging/ Medium Product jar package name logging Low Product pom organization url http://jakarta.apache.org Low Version central version 1.0.4 Highest Version pom version 1.0.4 Highest Version file version 1.0.4 High Version Manifest Implementation-Version 1.0.4 High
Related Dependencies commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.0.4.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-logging-1.0.4.jar MD5: 8a507817b28077e0478add944c64586a SHA1: f029a2aefe2b3e1517573c580f948caac31b1056 SHA256: e94af49749384c11f5aa50e8d0f5fe679be771295b52030338d32843c980351e commons-logging-1.1.3.jarDescription:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
SHA256: 70903f6fc82e9908c8da9f20443f61d90f0870a312642991fe8462a0b9391784
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build tags/LOGGING_1_1_3_RC2@r1483540; 2013-05-16 22:04:41+0200 Low Vendor file name commons-logging High Vendor pom parent-groupid org.apache.commons Medium Vendor pom name Commons Logging High Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor pom groupid commons-logging Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Low Product Manifest implementation-build tags/LOGGING_1_1_3_RC2@r1483540; 2013-05-16 22:04:41+0200 Low Product file name commons-logging High Product pom parent-groupid org.apache.commons Medium Product pom artifactid commons-logging Highest Product pom name Commons Logging High Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product jar package name apache Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Implementation-Title Commons Logging High Product pom groupid commons-logging Highest Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product Manifest specification-title Commons Logging Medium Product jar package name commons Highest Product jar package name logging Highest Product pom parent-artifactid commons-parent Medium Product Manifest Bundle-Name Commons Logging Medium Version Manifest Implementation-Version 1.1.3 High Version Manifest Bundle-Version 1.1.3 High Version pom parent-version 1.1.3 Low Version pom version 1.1.3 Highest Version file version 1.1.3 High
Related Dependencies commons-logging-1.1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-logging-1.1.3.jar MD5: 92eb5aabc1b47287de53d45c086a435c SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f SHA256: 70903f6fc82e9908c8da9f20443f61d90f0870a312642991fe8462a0b9391784 commons-logging-1.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor file name commons-logging High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Vendor jar package name apache Highest Vendor pom name Apache Commons Logging High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor pom groupid commons-logging Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Low Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product file name commons-logging High Product pom parent-groupid org.apache.commons Medium Product pom artifactid commons-logging Highest Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product jar package name apache Highest Product pom name Apache Commons Logging High Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product pom groupid commons-logging Highest Product Manifest specification-title Apache Commons Logging Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product jar package name commons Highest Product jar package name logging Highest Product pom parent-artifactid commons-parent Medium Product Manifest Implementation-Title Apache Commons Logging High Version Manifest Implementation-Version 1.2 High Version file version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
commons-pool2-2.4.2.jarDescription:
Apache Commons Object Pooling Library License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-pool2-2.4.2.jar
MD5: 62727a85e2e1bf6a756f5571d19cc71c
SHA1: e5f4f28f19d57716fbc3989d7a357ebf1e454fea
SHA256: 21112aa673733dfcd045354ddf75b31e1d464b99c8e515974349b2532254cc53
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor pom artifactid commons-pool2 Low Vendor pom url http://commons.apache.org/proper/commons-pool/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Pool High Vendor jar package name apache Highest Vendor file name commons-pool2 High Vendor Manifest bundle-symbolicname org.apache.commons.pool2 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid apache.commons Highest Vendor Manifest implementation-build tags/POOL_2_4_2_RC1@r1693165; 2015-07-29 02:14:43+0000 Low Vendor jar package name pool2 Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-pool/ Low Vendor jar package name commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Product pom parent-groupid org.apache.commons Medium Product pom name Apache Commons Pool High Product pom artifactid commons-pool2 Highest Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Pool Medium Product file name commons-pool2 High Product Manifest bundle-symbolicname org.apache.commons.pool2 Medium Product Manifest specification-title Apache Commons Pool Medium Product pom groupid apache.commons Highest Product Manifest implementation-build tags/POOL_2_4_2_RC1@r1693165; 2015-07-29 02:14:43+0000 Low Product pom url http://commons.apache.org/proper/commons-pool/ Medium Product jar package name pool2 Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-pool/ Low Product jar package name commons Highest Product Manifest Implementation-Title Apache Commons Pool High Product pom parent-artifactid commons-parent Medium Version pom version 2.4.2 Highest Version pom parent-version 2.4.2 Low Version Manifest Bundle-Version 2.4.2 High Version Manifest Implementation-Version 2.4.2 High Version file version 2.4.2 High
commons-validator-1.2.0.jarDescription:
Commons Validator provides the building blocks for both client side validation
and server side data validation. It may be used standalone or with a framework like
Struts. License:
The Apache Software License, Version 2.0: /LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar
MD5: 9fce68eba660211681217f0b119041c5
SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805
SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb
Evidence Type Source Name Value Confidence Vendor pom groupid commons-validator Highest Vendor jar package name validator Highest Vendor Manifest extension-name commons-validator Medium Vendor jar package name validator Low Vendor jar package name apache Highest Vendor jar package name commons Low Vendor central groupid commons-validator Highest Vendor file name commons-validator High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-validator Low Vendor jar package name apache Low Vendor pom organization url http://jakarta.apache.org Medium Vendor pom url http://jakarta.apache.org/commons/${pom.artifactId.substring(8)}/ Highest Vendor jar package name commons Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Validator High Vendor pom organization name The Apache Software Foundation High Product pom groupid commons-validator Highest Product jar package name validator Highest Product pom organization name The Apache Software Foundation Low Product pom url http://jakarta.apache.org/commons/${pom.artifactId.substring(8)}/ Medium Product Manifest extension-name commons-validator Medium Product Manifest specification-title Commons Validator Medium Product jar package name validator Low Product jar package name apache Highest Product jar package name commons Low Product file name commons-validator High Product Manifest Implementation-Title org.apache.commons.validator High Product pom artifactid commons-validator Highest Product jar package name commons Highest Product central artifactid commons-validator Highest Product pom name Validator High Product pom organization url http://jakarta.apache.org Low Version file version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version central version 1.2.0 Highest Version pom version 1.2.0 Highest
Related Dependencies commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/commons-validator-1.2.0.jar MD5: 9fce68eba660211681217f0b119041c5 SHA1: 13dcebc00d206605bea72f6191b80370eb3ca805 SHA256: ad7565ec5ce34d53083777ad93d1ff08cdb37142f579f435131b1ab7f3796cdb commons-validator-1.2.0.jar: validateByte.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateByte.jsMD5: 82bf8b56ce471f2e1a5394aaaf322423SHA1: 3147005b9c5e5e47c014089a94d5d1f1f88e449bSHA256: 68edb86fb5bb9df9b7a5366c8bb14f42e5af78106cb63fb5b9b51418ac49f5f3
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateCreditCard.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateCreditCard.jsMD5: d10932b82e8abf51bff2bc82ee7d6785SHA1: 967b7cb3e6e97782ba6d8bea18c81200d2bffbb3SHA256: 8f786f25b37d76959d2ac9d03f2cf99184909699792a4ec8818eab9fefd72358
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateDate.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateDate.jsMD5: 27c8fb966d7b111acca8dd543f0838acSHA1: 71afdff1e345feae7bba42ce392cf5af8c4c63dfSHA256: 2c2a9840e478e7f954904a367ba4ebc5ee313392902b0150d4792bb4609b91a6
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateEmail.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateEmail.jsMD5: 975d0a38368ac5aa56ad2ae9295e56d8SHA1: 500d31025477d50aa708a0f02cb6778722a4d078SHA256: 6f35e0642b5ae2fa29309f87d84b070337081913f72ddb0ed14547198be70585
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateFloat.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateFloat.jsMD5: f84186cfa81110a4f98fab13aca666c7SHA1: 3989a1515b110e7d7191061cd51e086224abc88fSHA256: 1633df82297e00328ad1496f4f64d3452fa3facd9152618ca12c69627f5a4921
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateFloatRange.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateFloatRange.jsMD5: 6f9f96c31ec9b4dc55cce8cb937742c0SHA1: a68ec586d77b4caff3d0d84fbf0b6cb7f5ff5e2fSHA256: 32aedb81494126c81ff8e0ed4b4e37d15fd6c16e199596c56b7bb4e41c19ad4f
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateIntRange.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateIntRange.jsMD5: 382520fe34cafbe13a7d7209b6e3db03SHA1: 6a32004a88b7d03a91b6e5e0a97daae419f4b390SHA256: e8fb86a1a06e9f4f5ce6d4cd8a7b95de3bbb3a614dce5ff9852573466dda2b83
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateInteger.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateInteger.jsMD5: 94700a547d0ef8fbcfc271cd22146683SHA1: 52ef7f47795d06ac65f762bf959288cd7f1920c7SHA256: ca11cb500dc30f4f28fe49794aae534cca9e455049cfa928f31e2c5f7f11526e
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateMask.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateMask.jsMD5: 5381744a9a9887d1aad62c0d257e568dSHA1: e4eab30f4cdea752758a7e0799824287ec015d01SHA256: da11bc4a6aeee4987a0667db97a8e89480e146e982bc529d80637f284a04d3b7
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateMaxLength.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateMaxLength.jsMD5: e82d7a83da445d183b2e1dcc07e0f997SHA1: ac5e8a12f849e9bc8199366bc56771386f8a5798SHA256: e2e92c9afaf7f2a56109df14955ea11df8f54d3db58906befb924e055ddcc9d5
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateMinLength.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateMinLength.jsMD5: da46b0782fe5d177f1870be17e6af8feSHA1: a2d0f5d74e85a798f4e4bcb34c16d49a4337eb74SHA256: 5d828180e61483e3cd82182136b299549158f196672ecfb91ad5d3ca2cfa6957
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateRequired.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateRequired.jsMD5: d1b859569270ef31f933659ed7e72079SHA1: 979e34e570ebba97d65a0b14a6b2edfb3ea1351cSHA256: dc1f600326ae2501144979d7c26264736689f417855fa9d25cbf86a5826b6077
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateShort.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateShort.jsMD5: c9a7f3816da9d111177e7d85fd5cc994SHA1: a09c0a151273a18d68c770ef9de6bf1e1da3c1daSHA256: 325c299914ff895e24c296f62063ad6ee6d87f12946b4573292bfd53bc5ee88b
Evidence Type Source Name Value Confidence
commons-validator-1.2.0.jar: validateUtilities.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/commons-validator-1.2.0.jar/org/apache/commons/validator/javascript/validateUtilities.jsMD5: 372032ecd55f8f8ce199a506396d0019SHA1: 13d9676bb6329d1acf1dd381d1e723b52d5e55b3SHA256: 8bb5a54103a7767e0756fe5a61d802c4f6793e18a1b9ee83b5a75a188db25472
Evidence Type Source Name Value Confidence
compiler-0.9.3.jarDescription:
Implementation of mustache.js for Java License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/compiler-0.9.3.jar
MD5: 5df26dd0bf9ed3bb0af6e2dbe9cacf2b
SHA1: 2815e016c63bec4f18704ea4f5489106a5b01a99
SHA256: 478ce317231ff42024bf7b6f1447a15e6d961358b564ac158ebfe4c53fdd404f
Evidence Type Source Name Value Confidence Vendor pom groupid github.spullara.mustache.java Highest Vendor file name compiler High Vendor jar package name github Low Vendor jar package name mustachejava Low Vendor pom name compiler High Vendor pom artifactid compiler Low Vendor pom parent-groupid com.github.spullara.mustache.java Medium Vendor pom url http://github.com/spullara/mustache.java Highest Vendor jar package name github Highest Vendor pom parent-artifactid mustache.java Low Vendor jar package name mustache Highest Product pom groupid github.spullara.mustache.java Highest Product file name compiler High Product jar package name mustachejava Low Product pom name compiler High Product pom artifactid compiler Highest Product pom parent-groupid com.github.spullara.mustache.java Medium Product pom url http://github.com/spullara/mustache.java Medium Product pom parent-artifactid mustache.java Medium Product jar package name github Highest Product jar package name mustache Highest Version pom version 0.9.3 Highest Version file version 0.9.3 High
Related Dependencies compiler-0.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/compiler-0.9.3.jar MD5: 5df26dd0bf9ed3bb0af6e2dbe9cacf2b SHA1: 2815e016c63bec4f18704ea4f5489106a5b01a99 SHA256: 478ce317231ff42024bf7b6f1447a15e6d961358b564ac158ebfe4c53fdd404f compiler-0.9.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/compiler-0.9.3.jar MD5: 5df26dd0bf9ed3bb0af6e2dbe9cacf2b SHA1: 2815e016c63bec4f18704ea4f5489106a5b01a99 SHA256: 478ce317231ff42024bf7b6f1447a15e6d961358b564ac158ebfe4c53fdd404f cucumber-core-1.2.5.jarLicense:
http://www.opensource.org/licenses/mit-license File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-core-1.2.5.jar
MD5: a551e06068996e08b3a85e06ff911628
SHA1: 7255a9d8e0c3b0f9e3cd80503c91c2b088b3d9b5
SHA256: 684f0f9b029a8cd28048bb2b95fc124fd325e21172be375193680943f5ea2aeb
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid cucumber-jvm Low Vendor pom groupid info.cukes Highest Vendor file name cucumber-core High Vendor jar package name cucumber Highest Vendor Manifest bundle-symbolicname info.cukes.cucumber-core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom name Cucumber-JVM: Core High Vendor pom artifactid cucumber-core Low Product pom artifactid cucumber-core Highest Product pom groupid info.cukes Highest Product pom parent-artifactid cucumber-jvm Medium Product file name cucumber-core High Product Manifest Bundle-Name Cucumber-JVM: Core Medium Product jar package name cucumber Highest Product Manifest bundle-symbolicname info.cukes.cucumber-core Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name Cucumber-JVM: Core High Version pom version 1.2.5 Highest Version Manifest Bundle-Version 1.2.5 High Version file version 1.2.5 High
cucumber-html-0.2.3.jarDescription:
Cucumber-HTML is a cross-platform HTML formatter for all the Cucumber implementations. License:
MIT License: http://www.opensource.org/licenses/mit-license File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-html-0.2.3.jar
MD5: d46fd8733b8aa147f0e5bb37d2e1d5b8
SHA1: 624a0c986088e32910336dd77aee5191c04a8201
SHA256: 79880ba60bfb52ef848c4bf6ebf1073af132ada8b0794d4c72d897e8fe25050b
Evidence Type Source Name Value Confidence Vendor file name cucumber-html High Vendor pom groupid info.cukes Highest Vendor pom artifactid cucumber-html Low Vendor pom name Cucumber-HTML High Product file name cucumber-html High Product pom groupid info.cukes Highest Product pom artifactid cucumber-html Highest Product pom name Cucumber-HTML High Version file version 0.2.3 High Version pom version 0.2.3 Highest
cucumber-html-0.2.3.jar: formatter.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-html-0.2.3.jar/cucumber/formatter/formatter.jsMD5: 8d4c9b885995a65b7dd7572d37c90fc9SHA1: 3e4974620c33b9e3ac789d131b8ef893e0ed8337SHA256: 3af3641b51473a6832490ed5f678338220324c989f0794075f2404ca71e928b1
Evidence Type Source Name Value Confidence
cucumber-html-0.2.3.jar: jquery-1.8.2.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-html-0.2.3.jar/cucumber/formatter/jquery-1.8.2.min.jsMD5: 1d14cd3798bc4d6aaf65dd625870723fSHA1: 0809f9f5caa2642b9dea8bf59133180bfd7c1d6fSHA256: 04bebecfb9f7ce92cf947ce283fccf067cf6870f65af3456dd22b6c102447c83
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.8.2.min High
Published Vulnerabilities CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cucumber-java-1.2.5.jarLicense:
http://www.opensource.org/licenses/mit-license File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-java-1.2.5.jar
MD5: 80d2fa0c69445a2f9965ebbb09bab7b9
SHA1: 02197dfa9cd7899ddce136a356994ac21f438f80
SHA256: cf21bc8033e4c53d6d71e018c28fb91f1461b573b8683ff45e428c5e06ec0009
Evidence Type Source Name Value Confidence Vendor file name cucumber-java High Vendor Manifest bundle-symbolicname info.cukes.cucumber-java Medium Vendor pom parent-artifactid cucumber-jvm Low Vendor pom groupid info.cukes Highest Vendor jar package name cucumber Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid cucumber-java Low Vendor pom name Cucumber-JVM: Java High Vendor jar package name java Highest Product file name cucumber-java High Product Manifest Bundle-Name Cucumber-JVM: Java Medium Product Manifest bundle-symbolicname info.cukes.cucumber-java Medium Product pom groupid info.cukes Highest Product pom parent-artifactid cucumber-jvm Medium Product jar package name cucumber Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid cucumber-java Highest Product pom name Cucumber-JVM: Java High Product jar package name java Highest Version pom version 1.2.5 Highest Version Manifest Bundle-Version 1.2.5 High Version file version 1.2.5 High
cucumber-junit-1.2.5.jarLicense:
http://www.opensource.org/licenses/mit-license File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-junit-1.2.5.jar
MD5: 4a7d3cf9674b1c2b9f27ac29ca944dbe
SHA1: 7cedd85f2e6b4f2fa1091c921f509275c60e7500
SHA256: 68a700057376c38a6595de2d4d84b39ff357377f7a75b480f40f188bdec15190
Evidence Type Source Name Value Confidence Vendor jar package name junit Highest Vendor pom artifactid cucumber-junit Low Vendor pom parent-artifactid cucumber-jvm Low Vendor file name cucumber-junit High Vendor pom groupid info.cukes Highest Vendor pom name Cucumber-JVM: JUnit High Vendor Manifest bundle-symbolicname info.cukes.cucumber-junit Medium Vendor jar package name cucumber Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name junit Highest Product file name cucumber-junit High Product pom groupid info.cukes Highest Product pom parent-artifactid cucumber-jvm Medium Product pom name Cucumber-JVM: JUnit High Product Manifest bundle-symbolicname info.cukes.cucumber-junit Medium Product jar package name cucumber Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid cucumber-junit Highest Product Manifest Bundle-Name Cucumber-JVM: JUnit Medium Version pom version 1.2.5 Highest Version Manifest Bundle-Version 1.2.5 High Version file version 1.2.5 High
cucumber-jvm-deps-1.0.5.jarLicense:
BSD License: http://xstream.codehaus.org/license.html
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-jvm-deps-1.0.5.jar
MD5: 70e82952895639a7eb4b0e3df72189e8
SHA1: 69ed0efe4b81f05da3c0bdc7281cbdc43f5ceb26
SHA256: 2a4e84a51defe9108579b3c0a86bb41e54f04e9042e83adf4348a974dcf1dee6
Evidence Type Source Name Value Confidence Vendor pom name Cucumber-JVM Repackaged Dependencies High Vendor pom url cucumber/cucumber-jvm-deps Highest Vendor pom groupid info.cukes Highest Vendor pom artifactid cucumber-jvm-deps Low Vendor Manifest bundle-symbolicname info.cukes.cucumber-jvm-deps Medium Vendor jar package name deps Highest Vendor file name cucumber-jvm-deps High Vendor jar package name cucumber Highest Product pom url cucumber/cucumber-jvm-deps High Product pom name Cucumber-JVM Repackaged Dependencies High Product pom groupid info.cukes Highest Product Manifest bundle-symbolicname info.cukes.cucumber-jvm-deps Medium Product jar package name deps Highest Product pom artifactid cucumber-jvm-deps Highest Product file name cucumber-jvm-deps High Product jar package name cucumber Highest Product Manifest Bundle-Name Cucumber-JVM Repackaged Dependencies Medium Version pom version 1.0.5 Highest Version file version 1.0.5 High Version Manifest Bundle-Version 1.0.5 High
cucumber-jvm-deps-1.0.5.jar (shaded: com.googlecode.java-diff-utils:diffutils:1.3.0)Description:
The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-jvm-deps-1.0.5.jar/META-INF/maven/com.googlecode.java-diff-utils/diffutils/pom.xml
MD5: 7840396763fafd8850bd483e096af3c7
SHA1: 7d5e372ff32c90095800f96d8308c41af0285a41
SHA256: 2fe31dd6309b0f5f195bbdc4749cfc0af065d61f06cfe183dfd2f2092ab847b6
Evidence Type Source Name Value Confidence Vendor pom artifactid diffutils Low Vendor pom groupid googlecode.java-diff-utils Highest Vendor pom url http://code.google.com/p/java-diff-utils/ Highest Vendor pom name java-diff-utils High Product pom url http://code.google.com/p/java-diff-utils/ Medium Product pom artifactid diffutils Highest Product pom groupid googlecode.java-diff-utils Highest Product pom name java-diff-utils High Version pom version 1.3.0 Highest
cucumber-jvm-deps-1.0.5.jar (shaded: com.thoughtworks.xstream:xstream:1.4.8)File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-jvm-deps-1.0.5.jar/META-INF/maven/com.thoughtworks.xstream/xstream/pom.xmlMD5: fc12b288915d4cb2952ad6f58feb9f1aSHA1: d673dea56fb9fac5d35d7f909aee94df4f78431dSHA256: 8ba35dd4ea1647b89a8ae082bb6c81d5695a1ec31e73aa57bfa3512069c4bee2
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.thoughtworks.xstream Medium Vendor pom name XStream Core High Vendor pom artifactid xstream Low Vendor pom groupid thoughtworks.xstream Highest Vendor pom parent-artifactid xstream-parent Low Product pom parent-artifactid xstream-parent Medium Product pom parent-groupid com.thoughtworks.xstream Medium Product pom artifactid xstream Highest Product pom name XStream Core High Product pom groupid thoughtworks.xstream Highest Version pom version 1.4.8 Highest
Published Vulnerabilities CVE-2016-3674 suppress
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2017-7957 suppress
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
cucumber-spring-1.2.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/cucumber-spring-1.2.5.jarMD5: 49e5177563fa90a033aded1bc03f60d5SHA1: 2b96b04759ce9719d20ea74aab59e06e6db5274bSHA256: f1f182c627e8e230ef5a12163c503bf049996ff2e272141e7d4105c5069d2cd5
Evidence Type Source Name Value Confidence Vendor jar package name cucumber Low Vendor pom parent-artifactid cucumber-jvm Low Vendor pom groupid info.cukes Highest Vendor pom name Cucumber-JVM: Spring High Vendor jar package name spring Highest Vendor jar package name cucumber Highest Vendor jar package name java Low Vendor file name cucumber-spring High Vendor pom artifactid cucumber-spring Low Vendor jar package name runtime Low Product pom artifactid cucumber-spring Highest Product pom groupid info.cukes Highest Product pom parent-artifactid cucumber-jvm Medium Product jar package name spring Low Product pom name Cucumber-JVM: Spring High Product jar package name spring Highest Product jar package name cucumber Highest Product jar package name java Low Product file name cucumber-spring High Product jar package name runtime Low Version pom version 1.2.5 Highest Version file version 1.2.5 High
doxia-core-1.1.2.jarDescription:
Doxia core classes and interfaces. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-core-1.1.2.jarMD5: 19e5116cd565146e47b504eb5f15476dSHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29cSHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor pom groupid apache.maven.doxia Highest Vendor jar package name doxia Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid doxia-core Low Vendor file name doxia-core High Vendor pom name Doxia :: Core High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid doxia Low Product jar package name doxia Highest Product pom parent-artifactid doxia Medium Product file name doxia-core High Product pom parent-groupid org.apache.maven.doxia Medium Product jar package name maven Highest Product pom name Doxia :: Core High Product Manifest specification-title Doxia :: Core Medium Product pom artifactid doxia-core Highest Product Manifest Implementation-Title Doxia :: Core High Product jar package name apache Highest Product pom groupid apache.maven.doxia Highest Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest Version file version 1.1.2 High
Related Dependencies doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-core-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-core-1.1.2.jar MD5: 19e5116cd565146e47b504eb5f15476d SHA1: 30b5f95ed31d612ad3c64af82904f82e6d4ab29c SHA256: bc5ad57d743890d0a6cefc9f1f3151605008179abc7bfa07be3afbb792fe63e8 doxia-decoration-model-1.1.2.jarDescription:
The Decoration Model handles the site descriptor, also known as site.xml. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-decoration-model-1.1.2.jarMD5: a3f0de9c545ae6309919499e28176181SHA1: 172cda539c83280c3f7a60022337f454e98c029dSHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor jar package name maven Highest Vendor pom parent-artifactid doxia-sitetools Low Vendor jar package name apache Highest Vendor jar package name site Highest Vendor pom groupid apache.maven.doxia Highest Vendor jar package name doxia Highest Vendor pom artifactid doxia-decoration-model Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name doxia-decoration-model High Vendor pom name Doxia Sitetools :: Decoration Model High Product pom parent-groupid org.apache.maven.doxia Medium Product Manifest Implementation-Title Doxia Sitetools :: Decoration Model High Product jar package name maven Highest Product jar package name apache Highest Product jar package name site Highest Product pom groupid apache.maven.doxia Highest Product pom parent-artifactid doxia-sitetools Medium Product Manifest specification-title Doxia Sitetools :: Decoration Model Medium Product jar package name doxia Highest Product pom artifactid doxia-decoration-model Highest Product file name doxia-decoration-model High Product pom name Doxia Sitetools :: Decoration Model High Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest Version file version 1.1.2 High
Related Dependencies doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-decoration-model-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-decoration-model-1.1.2.jar MD5: a3f0de9c545ae6309919499e28176181 SHA1: 172cda539c83280c3f7a60022337f454e98c029d SHA256: a797fc74e1f9c34d447dad503ed9f35fcf4926617924de314e3009b6f3c90eed doxia-logging-api-1.1.jarDescription:
Doxia Logging API. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-logging-api-1.1.jarMD5: 8e93b74b3fb7353322069d4c996c7887SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66
Evidence Type Source Name Value Confidence Vendor file name doxia-logging-api High Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor pom artifactid doxia-logging-api Low Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor pom groupid apache.maven.doxia Highest Vendor jar package name doxia Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name logging Highest Vendor pom name Doxia :: Logging API High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid doxia Low Product file name doxia-logging-api High Product pom parent-groupid org.apache.maven.doxia Medium Product jar package name maven Highest Product pom artifactid doxia-logging-api Highest Product jar package name apache Highest Product Manifest Implementation-Title Doxia :: Logging API High Product Manifest specification-title Doxia :: Logging API Medium Product pom groupid apache.maven.doxia Highest Product jar package name doxia Highest Product pom parent-artifactid doxia Medium Product jar package name logging Highest Product pom name Doxia :: Logging API High Version Manifest Implementation-Version 1.1 High Version file version 1.1 High Version pom version 1.1 Highest
Related Dependencies doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-logging-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-logging-api-1.1.jar MD5: 8e93b74b3fb7353322069d4c996c7887 SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48 SHA256: 80f1b67a2f698f0e8dd11e5cedfc28c5b8e6fb2986adf939bfa04d92d9367d66 doxia-module-fml-1.1.2.jarDescription:
A Doxia module for FML source documents. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-module-fml-1.1.2.jarMD5: 6178979e5be52dc4dd8fa22cce0fd706SHA1: 923531d55433db173b9479cd7af7ef5c2ee023daSHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor file name doxia-module-fml High Vendor jar package name maven Highest Vendor pom artifactid doxia-module-fml Low Vendor jar package name module Highest Vendor pom parent-artifactid doxia-modules Low Vendor jar package name apache Highest Vendor pom groupid apache.maven.doxia Highest Vendor jar package name doxia Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Doxia :: FML Module High Vendor Manifest specification-vendor The Apache Software Foundation Low Product pom artifactid doxia-module-fml Highest Product pom parent-groupid org.apache.maven.doxia Medium Product file name doxia-module-fml High Product jar package name maven Highest Product jar package name module Highest Product pom parent-artifactid doxia-modules Medium Product Manifest Implementation-Title Doxia :: FML Module High Product jar package name apache Highest Product pom groupid apache.maven.doxia Highest Product Manifest specification-title Doxia :: FML Module Medium Product jar package name doxia Highest Product pom name Doxia :: FML Module High Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest Version file version 1.1.2 High
Related Dependencies doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-fml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-module-fml-1.1.2.jar MD5: 6178979e5be52dc4dd8fa22cce0fd706 SHA1: 923531d55433db173b9479cd7af7ef5c2ee023da SHA256: 99cfc10cdb5401d12df0a1ec54b24cf366de17e3988f90b4068802537a19df35 doxia-module-xhtml-1.1.2.jarDescription:
A Doxia module for Xhtml source documents. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-module-xhtml-1.1.2.jarMD5: c8dbf38e471b017881e05d0a9d1e9c6fSHA1: 11566856aa0bd7780842de4be791d583df8ad8bfSHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor jar package name maven Highest Vendor jar package name module Highest Vendor pom parent-artifactid doxia-modules Low Vendor pom name Doxia :: XHTML Module High Vendor file name doxia-module-xhtml High Vendor jar package name apache Highest Vendor pom groupid apache.maven.doxia Highest Vendor jar package name doxia Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid doxia-module-xhtml Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product Manifest specification-title Doxia :: XHTML Module Medium Product pom parent-groupid org.apache.maven.doxia Medium Product jar package name maven Highest Product jar package name module Highest Product pom parent-artifactid doxia-modules Medium Product pom name Doxia :: XHTML Module High Product file name doxia-module-xhtml High Product jar package name apache Highest Product pom artifactid doxia-module-xhtml Highest Product pom groupid apache.maven.doxia Highest Product jar package name doxia Highest Product Manifest Implementation-Title Doxia :: XHTML Module High Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest Version file version 1.1.2 High
Related Dependencies doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-module-xhtml-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-module-xhtml-1.1.2.jar MD5: c8dbf38e471b017881e05d0a9d1e9c6f SHA1: 11566856aa0bd7780842de4be791d583df8ad8bf SHA256: 013f5703944a129f7d1706414bb8e9f452b6aed1b353db15cdaf4d498671f31a doxia-sink-api-1.1.jarDescription:
Doxia Sink API. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-sink-api-1.1.jarMD5: 83936a5b87b5a2ead35c8987d984b14aSHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor jar package name maven Highest Vendor pom artifactid doxia-sink-api Low Vendor file name doxia-sink-api High Vendor jar package name apache Highest Vendor pom groupid apache.maven.doxia Highest Vendor pom name Doxia :: Sink API High Vendor jar package name doxia Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name sink Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid doxia Low Product pom parent-groupid org.apache.maven.doxia Medium Product jar package name maven Highest Product file name doxia-sink-api High Product jar package name apache Highest Product pom groupid apache.maven.doxia Highest Product pom name Doxia :: Sink API High Product jar package name doxia Highest Product pom parent-artifactid doxia Medium Product Manifest Implementation-Title Doxia :: Sink API High Product pom artifactid doxia-sink-api Highest Product jar package name sink Highest Product Manifest specification-title Doxia :: Sink API Medium Version Manifest Implementation-Version 1.1 High Version file version 1.1 High Version pom version 1.1 Highest
Related Dependencies doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-sink-api-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-sink-api-1.1.jar MD5: 83936a5b87b5a2ead35c8987d984b14a SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44 SHA256: c59e706156064a6a02444212b16cec3f3403bd626f124223abeaaf8f66447e92 doxia-site-renderer-1.1.2.jarDescription:
The Site Renderer handles the rendering of sites. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/doxia-site-renderer-1.1.2.jarMD5: fda936ce523db8f09b3123d516aec628SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.doxia Medium Vendor jar package name maven Highest Vendor pom parent-artifactid doxia-sitetools Low Vendor jar package name apache Highest Vendor pom groupid apache.maven.doxia Highest Vendor pom name Doxia Sitetools :: Site Renderer Component High Vendor jar package name doxia Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.doxia Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name doxia-site-renderer High Vendor pom artifactid doxia-site-renderer Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product pom artifactid doxia-site-renderer Highest Product pom name Doxia Sitetools :: Site Renderer Component High Product jar package name doxia Highest Product pom parent-groupid org.apache.maven.doxia Medium Product jar package name maven Highest Product file name doxia-site-renderer High Product Manifest specification-title Doxia Sitetools :: Site Renderer Component Medium Product jar package name apache Highest Product pom groupid apache.maven.doxia Highest Product pom parent-artifactid doxia-sitetools Medium Product Manifest Implementation-Title Doxia Sitetools :: Site Renderer Component High Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest Version file version 1.1.2 High
Related Dependencies doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 doxia-site-renderer-1.1.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/doxia-site-renderer-1.1.2.jar MD5: fda936ce523db8f09b3123d516aec628 SHA1: 3b089bbe153468845e6caabd35c2a8b879939ee4 SHA256: 5611125ec58a28db821dedfb76f90c1c2197e8f992555f3d4ca3efb5fc8e7066 druid-1.0.23.jarDescription:
An JDBC datasource implementation. License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/druid-1.0.23.jar
MD5: 4ef7bc3e39d615fc919796d0cf53fe27
SHA1: 2c1ea1f15b2820fb3cc5d9255f9540b99cdeefe6
SHA256: 138a3b48b628c776a4c5c87817377da5a69d4a2a0ab5280724e3051a8c65e3ea
Evidence Type Source Name Value Confidence Vendor jar package name alibaba Highest Vendor jar package name druid Highest Vendor file name druid High Vendor Manifest Implementation-Vendor-Id com.alibaba Medium Vendor pom organization url http://code.alibabatech.com/ Medium Vendor pom url alibaba/druid Highest Vendor pom artifactid druid Low Vendor Manifest implementation-build 2016-07-16 22:59:21 Low Vendor pom organization name Alibaba Group High Vendor pom groupid alibaba Highest Vendor pom name druid High Vendor jar package name jdbc Highest Vendor Manifest Implementation-Vendor Alibaba Group High Product jar package name alibaba Highest Product jar package name druid Highest Product file name druid High Product pom artifactid druid Highest Product pom organization url http://code.alibabatech.com/ Low Product Manifest implementation-build 2016-07-16 22:59:21 Low Product pom url alibaba/druid High Product pom groupid alibaba Highest Product Manifest Implementation-Title druid High Product pom name druid High Product pom organization name Alibaba Group Low Product jar package name jdbc Highest Version file version 1.0.23 High Version pom version 1.0.23 Highest Version Manifest Implementation-Version 1.0.23 High
Related Dependencies druid-1.0.23.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/druid-1.0.23.jar MD5: 4ef7bc3e39d615fc919796d0cf53fe27 SHA1: 2c1ea1f15b2820fb3cc5d9255f9540b99cdeefe6 SHA256: 138a3b48b628c776a4c5c87817377da5a69d4a2a0ab5280724e3051a8c65e3ea druid-1.0.23.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/druid-1.0.23.jar MD5: 4ef7bc3e39d615fc919796d0cf53fe27 SHA1: 2c1ea1f15b2820fb3cc5d9255f9540b99cdeefe6 SHA256: 138a3b48b628c776a4c5c87817377da5a69d4a2a0ab5280724e3051a8c65e3ea druid-1.0.23.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/druid-1.0.23.jar MD5: 4ef7bc3e39d615fc919796d0cf53fe27 SHA1: 2c1ea1f15b2820fb3cc5d9255f9540b99cdeefe6 SHA256: 138a3b48b628c776a4c5c87817377da5a69d4a2a0ab5280724e3051a8c65e3ea druid-1.0.23.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/druid-1.0.23.jar MD5: 4ef7bc3e39d615fc919796d0cf53fe27 SHA1: 2c1ea1f15b2820fb3cc5d9255f9540b99cdeefe6 SHA256: 138a3b48b628c776a4c5c87817377da5a69d4a2a0ab5280724e3051a8c65e3ea druid-1.0.23.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/druid-1.0.23.jar MD5: 4ef7bc3e39d615fc919796d0cf53fe27 SHA1: 2c1ea1f15b2820fb3cc5d9255f9540b99cdeefe6 SHA256: 138a3b48b628c776a4c5c87817377da5a69d4a2a0ab5280724e3051a8c65e3ea druid-1.0.23.jar: bootstrap.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/druid-1.0.23.jar/support/http/resources/js/bootstrap.min.jsMD5: e90c5ecfa0f7dcfdb6b8ef8aa756acebSHA1: 17686183020cff03e19e960ac8c135c3e9652174SHA256: 354751191e20ab0c948f00065077d20313dfd68305c0a43757c68e1e8ec3d647
Evidence Type Source Name Value Confidence
druid-1.0.23.jar: common.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/druid-1.0.23.jar/support/http/resources/js/common.jsMD5: fb71736f1c59fdf73e305d09283593f1SHA1: 13572254dc71394f73307b33a9f37773194d26a8SHA256: 79e0b1da2f28f7d519f1197e5e96f3dcf0a56c333d4e6f0dfe6f107f08e5ddb7
Evidence Type Source Name Value Confidence
druid-1.0.23.jar: doT.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/druid-1.0.23.jar/support/http/resources/js/doT.jsMD5: bb0029bab77e01e80957dc8155c09ad6SHA1: d8922e15f3348769feb4d96ee14b644b90ca5f54SHA256: 81d508eb6eb011e638b8f2c67f1d12c6a1be9a0b93f8259094fdefde2c87346d
Evidence Type Source Name Value Confidence
druid-1.0.23.jar: jquery.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/druid-1.0.23.jar/support/http/resources/js/jquery.min.jsMD5: a5cec7920ad750f7a5d9f13742797df7SHA1: bec218fe5096d480c9e6ad8c0aaa950de65aeab2SHA256: bef783339172a7feca5c8f71e4ffe019cded8c4da4de3e3c76c20b20157af5cc
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.8.0 High
Published Vulnerabilities CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 druid-1.0.23.jar: lang.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/druid-1.0.23.jar/support/http/resources/js/lang.jsMD5: ec0c5411b128b5fadadc023ff52533faSHA1: 2e7915818acca0afe1816b1c60ead9cf7fc7cfe7SHA256: d8fd86f83e5f6e12d33add2d0b3aa99027e370ca9935596145c908ab623b125d
Evidence Type Source Name Value Confidence
ehcache-2.10.3.jarDescription:
Ehcache is an open source, standards-based cache used to boost performance,
offload the database and simplify scalability. Ehcache is robust, proven and full-featured and
this has made it the most widely-used Java-based cache. License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/ehcache-2.10.3.jar
MD5: 4abeb9314789f894dc00144a70dedc08
SHA1: cf74f9a4a049f181833b147a1d9aa62159c9d01d
SHA256: 61954bb0c48d49cf1df4a3c3fa1bb42c95bebcf5c3e0be6548a26bb063b3c726
Evidence Type Source Name Value Confidence Vendor pom groupid net.sf.ehcache Highest Vendor pom name ehcache High Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest buildinfo-revision 10483 Low Vendor pom url http://ehcache.org Highest Vendor Manifest bundle-symbolicname net.sf.ehcache Medium Vendor Manifest buildinfo-url https://svn.terracotta.org/repo/ehcache/tags/ehcache-2.10.3 Low Vendor Manifest Implementation-Vendor Terracotta, Inc. High Vendor jar package name ehcache Highest Vendor Manifest buildinfo-timestamp 20161014-071633 Low Vendor Manifest bundle-docurl http://www.terracotta.org Low Vendor jar package name terracotta Highest Vendor Manifest terracotta-projectstatus Supported Low Vendor jar package name net Highest Vendor Manifest terracotta-name ehcache Medium Vendor pom artifactid ehcache Low Vendor pom parent-artifactid ehcache-root Low Vendor file name ehcache High Vendor jar package name sf Highest Vendor Manifest Implementation-Vendor-Id net.sf.ehcache Medium Product Manifest Bundle-Name ehcache Medium Product pom groupid net.sf.ehcache Highest Product pom name ehcache High Product pom url http://ehcache.org Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest buildinfo-revision 10483 Low Product Manifest bundle-symbolicname net.sf.ehcache Medium Product Manifest buildinfo-url https://svn.terracotta.org/repo/ehcache/tags/ehcache-2.10.3 Low Product jar package name ehcache Highest Product Manifest buildinfo-timestamp 20161014-071633 Low Product Manifest bundle-docurl http://www.terracotta.org Low Product jar package name terracotta Highest Product Manifest terracotta-projectstatus Supported Low Product pom parent-artifactid ehcache-root Medium Product jar package name net Highest Product Manifest terracotta-name ehcache Medium Product pom artifactid ehcache Highest Product file name ehcache High Product jar package name sf Highest Product Manifest Implementation-Title ehcache High Version Manifest Bundle-Version 2.10.3 High Version pom version 2.10.3 Highest Version file version 2.10.3 High Version Manifest Implementation-Version 2.10.3 High
Related Dependencies ehcache-2.10.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/ehcache-2.10.3.jar MD5: 4abeb9314789f894dc00144a70dedc08 SHA1: cf74f9a4a049f181833b147a1d9aa62159c9d01d SHA256: 61954bb0c48d49cf1df4a3c3fa1bb42c95bebcf5c3e0be6548a26bb063b3c726 ehcache-2.10.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/ehcache-2.10.3.jar MD5: 4abeb9314789f894dc00144a70dedc08 SHA1: cf74f9a4a049f181833b147a1d9aa62159c9d01d SHA256: 61954bb0c48d49cf1df4a3c3fa1bb42c95bebcf5c3e0be6548a26bb063b3c726 ehcache-2.10.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/ehcache-2.10.3.jar MD5: 4abeb9314789f894dc00144a70dedc08 SHA1: cf74f9a4a049f181833b147a1d9aa62159c9d01d SHA256: 61954bb0c48d49cf1df4a3c3fa1bb42c95bebcf5c3e0be6548a26bb063b3c726 ehcache-2.10.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/ehcache-2.10.3.jar MD5: 4abeb9314789f894dc00144a70dedc08 SHA1: cf74f9a4a049f181833b147a1d9aa62159c9d01d SHA256: 61954bb0c48d49cf1df4a3c3fa1bb42c95bebcf5c3e0be6548a26bb063b3c726 ehcache-core-2.6.11.jarDescription:
This is the ehcache core module. Pair it with other modules for added functionality. License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/ehcache-core-2.6.11.jar
MD5: 81840aace00ec514154d6dac91ba43e5
SHA1: fae7f84a5ffabe1b814e40190650c0ad5aeda5b1
SHA256: ffe3580aadb6e07f86e49e326f3402fe8dfbf3470eb2782d68507bd31d75af88
Evidence Type Source Name Value Confidence Vendor pom groupid net.sf.ehcache Highest Vendor jar package name ehcache Highest Vendor pom parent-artifactid ehcache-parent Low Vendor pom artifactid ehcache-core Low Vendor jar package name net Highest Vendor file name ehcache-core High Vendor jar package name sf Highest Vendor pom url http://ehcache.org Highest Vendor pom name Ehcache Core High Product pom groupid net.sf.ehcache Highest Product jar package name ehcache Highest Product pom url http://ehcache.org Medium Product jar package name net Highest Product pom parent-artifactid ehcache-parent Medium Product file name ehcache-core High Product jar package name sf Highest Product pom artifactid ehcache-core Highest Product pom name Ehcache Core High Version pom parent-version 2.6.11 Low Version pom version 2.6.11 Highest Version file version 2.6.11 High
Related Dependencies ehcache-core-2.6.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/ehcache-core-2.6.11.jar MD5: 81840aace00ec514154d6dac91ba43e5 SHA1: fae7f84a5ffabe1b814e40190650c0ad5aeda5b1 SHA256: ffe3580aadb6e07f86e49e326f3402fe8dfbf3470eb2782d68507bd31d75af88 ehcache-core-2.6.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/ehcache-core-2.6.11.jar MD5: 81840aace00ec514154d6dac91ba43e5 SHA1: fae7f84a5ffabe1b814e40190650c0ad5aeda5b1 SHA256: ffe3580aadb6e07f86e49e326f3402fe8dfbf3470eb2782d68507bd31d75af88 ehcache-core-2.6.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/ehcache-core-2.6.11.jar MD5: 81840aace00ec514154d6dac91ba43e5 SHA1: fae7f84a5ffabe1b814e40190650c0ad5aeda5b1 SHA256: ffe3580aadb6e07f86e49e326f3402fe8dfbf3470eb2782d68507bd31d75af88 ehcache-core-2.6.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/ehcache-core-2.6.11.jar MD5: 81840aace00ec514154d6dac91ba43e5 SHA1: fae7f84a5ffabe1b814e40190650c0ad5aeda5b1 SHA256: ffe3580aadb6e07f86e49e326f3402fe8dfbf3470eb2782d68507bd31d75af88 ehcache-core-2.6.11.jar: sizeof-agent.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/ehcache-core-2.6.11.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jarMD5: 5ad919b3ac0516897bdca079c9a222a8SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571cSHA256: 3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2
Evidence Type Source Name Value Confidence Vendor pom groupid net.sf.ehcache Highest Vendor pom name Ehcache Size-Of Agent High Vendor Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Vendor Manifest jenkins-build-number 6 Low Vendor file name sizeof-agent High Vendor pom artifactid sizeof-agent Low Vendor jar package name ehcache Highest Vendor Manifest hudson-build-number 6 Low Vendor pom parent-artifactid ehcache-parent Low Vendor jar package name net Highest Vendor jar package name sf Highest Vendor pom url http://www.ehcache.org Highest Vendor Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Product pom groupid net.sf.ehcache Highest Product pom name Ehcache Size-Of Agent High Product Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Product Manifest jenkins-build-number 6 Low Product file name sizeof-agent High Product jar package name ehcache Highest Product Manifest hudson-build-number 6 Low Product pom artifactid sizeof-agent Highest Product jar package name net Highest Product pom url http://www.ehcache.org Medium Product pom parent-artifactid ehcache-parent Medium Product jar package name sf Highest Product Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Version pom version 1.0.1 Highest Version pom parent-version 1.0.1 Low
Related Dependencies ehcache-2.10.3.jar: sizeof-agent.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/ehcache-2.10.3.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar MD5: 5ad919b3ac0516897bdca079c9a222a8 SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c SHA256: 3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2 elasticsearch-5.2.1.jarDescription:
Elasticsearch subproject :core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/elasticsearch-5.2.1.jar
MD5: 9db6610f4987889afa9bd6b2c96b492b
SHA1: 34ab99e9afe6b396aaf12dc5dc68bad3116df812
SHA256: 081ea19f0795b7c5330539ec066027bfd3870f8a7bbe7b3fc35a0825ceb058cd
Evidence Type Source Name Value Confidence Vendor Manifest build-date 2017-02-09T22:05:32.386Z Low Vendor Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Vendor pom groupid elasticsearch Highest Vendor pom name core High Vendor central groupid org.elasticsearch Highest Vendor Manifest module-origin elastic/elasticsearch.git Low Vendor pom url elastic/elasticsearch Highest Vendor Manifest built-status integration Low Vendor Manifest change db0d481 Low Vendor Manifest module-source /core Low Vendor jar package name elasticsearch Low Vendor pom artifactid elasticsearch Low Vendor file name elasticsearch High Vendor Manifest built-os Linux Low Vendor Manifest x-compile-elasticsearch-snapshot false Low Product Manifest build-date 2017-02-09T22:05:32.386Z Low Product Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Product pom url elastic/elasticsearch High Product pom groupid elasticsearch Highest Product pom name core High Product Manifest module-origin elastic/elasticsearch.git Low Product jar package name elasticsearch Highest Product Manifest built-status integration Low Product Manifest change db0d481 Low Product Manifest module-source /core Low Product file name elasticsearch High Product pom artifactid elasticsearch Highest Product Manifest built-os Linux Low Product central artifactid elasticsearch Highest Product Manifest Implementation-Title org.elasticsearch#core;5.2.1 High Product Manifest x-compile-elasticsearch-snapshot false Low Version central version 5.2.1 Highest Version pom version 5.2.1 Highest Version Manifest Implementation-Version 5.2.1 High Version Manifest x-compile-elasticsearch-version 5.2.1 Medium Version file version 5.2.1 High
Related Dependencies elasticsearch-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/elasticsearch-5.2.1.jar MD5: 9db6610f4987889afa9bd6b2c96b492b SHA1: 34ab99e9afe6b396aaf12dc5dc68bad3116df812 SHA256: 081ea19f0795b7c5330539ec066027bfd3870f8a7bbe7b3fc35a0825ceb058cd elasticsearch-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/elasticsearch-5.2.1.jar MD5: 9db6610f4987889afa9bd6b2c96b492b SHA1: 34ab99e9afe6b396aaf12dc5dc68bad3116df812 SHA256: 081ea19f0795b7c5330539ec066027bfd3870f8a7bbe7b3fc35a0825ceb058cd Published Vulnerabilities CVE-2019-7611 suppress
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-7614 suppress
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-7019 suppress
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. CWE-269 Improper Privilege Management
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
encoder-1.2.2.jarDescription:
The OWASP Encoders package is a collection of high-performance low-overhead
contextual encoders, that when utilized correctly, is an effective tool in
preventing Web Application security vulnerabilities such as Cross-Site
Scripting.
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/encoder-1.2.2.jarMD5: f359154223ac1d471da94e54217df4dbSHA1: 664346e62c3a95e1de5153db231bd283392a9532SHA256: 32313d4f4fa494c86cb236664e74723231b9418028c7cfc6d61cc4d14c4a993f
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.owasp.encoder Medium Vendor pom name Java Encoder High Vendor jar package name encoders Highest Vendor pom artifactid encoder Low Vendor pom parent-artifactid encoder-parent Low Vendor file name encoder High Vendor pom groupid owasp.encoder Highest Vendor jar package name encoder Highest Vendor jar package name encoder Low Vendor jar package name owasp Highest Vendor jar package name owasp Low Product pom parent-groupid org.owasp.encoder Medium Product pom name Java Encoder High Product jar package name encoders Highest Product file name encoder High Product pom artifactid encoder Highest Product pom groupid owasp.encoder Highest Product jar package name encoder Highest Product jar package name encoder Low Product jar package name owasp Highest Product pom parent-artifactid encoder-parent Medium Version file version 1.2.2 High Version pom version 1.2.2 Highest
Related Dependencies encoder-1.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/encoder-1.2.2.jar MD5: f359154223ac1d471da94e54217df4db SHA1: 664346e62c3a95e1de5153db231bd283392a9532 SHA256: 32313d4f4fa494c86cb236664e74723231b9418028c7cfc6d61cc4d14c4a993f encoder-1.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/encoder-1.2.2.jar MD5: f359154223ac1d471da94e54217df4db SHA1: 664346e62c3a95e1de5153db231bd283392a9532 SHA256: 32313d4f4fa494c86cb236664e74723231b9418028c7cfc6d61cc4d14c4a993f encoder-1.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/encoder-1.2.2.jar MD5: f359154223ac1d471da94e54217df4db SHA1: 664346e62c3a95e1de5153db231bd283392a9532 SHA256: 32313d4f4fa494c86cb236664e74723231b9418028c7cfc6d61cc4d14c4a993f encoder-1.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/encoder-1.2.2.jar MD5: f359154223ac1d471da94e54217df4db SHA1: 664346e62c3a95e1de5153db231bd283392a9532 SHA256: 32313d4f4fa494c86cb236664e74723231b9418028c7cfc6d61cc4d14c4a993f ezmorph-1.0.6.jarDescription:
Simple java library for transforming an Object to another Object.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/ezmorph-1.0.6.jar
MD5: 1fa113c6aacf3a01af1449df77acd474
SHA1: 01e55d2a0253ea37745d33062852fd2c90027432
SHA256: 2be06a2380f8656426b5c610db694bbd75314caf3e9191affcd7942721398ed7
Evidence Type Source Name Value Confidence Vendor jar package name net Low Vendor jar package name ezmorph Low Vendor file name ezmorph High Vendor pom groupid net.sf.ezmorph Highest Vendor pom artifactid ezmorph Low Vendor pom url http://ezmorph.sourceforge.net Highest Vendor jar package name ezmorph Highest Vendor jar package name object Highest Vendor jar package name sf Low Vendor jar package name net Highest Vendor pom name ezmorph High Vendor jar package name sf Highest Product jar package name ezmorph Low Product jar package name ezmorph Highest Product jar package name object Highest Product file name ezmorph High Product pom url http://ezmorph.sourceforge.net Medium Product jar package name sf Low Product pom groupid net.sf.ezmorph Highest Product jar package name net Highest Product pom name ezmorph High Product pom artifactid ezmorph Highest Product jar package name sf Highest Version file version 1.0.6 High Version pom version 1.0.6 Highest
fast-classpath-scanner-2.0.13.jarDescription:
Uber-fast, ultra-lightweight Java classpath scanner. Scans the classpath by parsing the classfile binary format directly rather than by using reflection.
See https://github.com/lukehutch/fast-classpath-scanner
License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/fast-classpath-scanner-2.0.13.jar
MD5: 57606ae1a69410cb46a534c2ab783cdf
SHA1: 9a19e36a388037f0b632a66684653dd09352c610
SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id io.github.lukehutch Medium Vendor pom groupid io.github.lukehutch Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom name FastClasspathScanner High Vendor Manifest bundle-symbolicname io.github.lukehutch.fast-classpath-scanner Medium Vendor jar package name lukehutch Highest Vendor jar package name github Highest Vendor Manifest implementation-url https://github.com/lukehutch/fast-classpath-scanner Low Vendor Manifest bundle-category Utilities Low Vendor jar package name fastclasspathscanner Highest Vendor jar package name io Highest Vendor pom url lukehutch/fast-classpath-scanner Highest Vendor pom artifactid fast-classpath-scanner Low Vendor file name fast-classpath-scanner High Product pom groupid io.github.lukehutch Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom name FastClasspathScanner High Product Manifest bundle-symbolicname io.github.lukehutch.fast-classpath-scanner Medium Product Manifest specification-title FastClasspathScanner Medium Product pom url lukehutch/fast-classpath-scanner High Product jar package name lukehutch Highest Product jar package name github Highest Product Manifest implementation-url https://github.com/lukehutch/fast-classpath-scanner Low Product Manifest bundle-category Utilities Low Product Manifest Bundle-Name FastClasspathScanner Medium Product pom artifactid fast-classpath-scanner Highest Product jar package name fastclasspathscanner Highest Product jar package name io Highest Product Manifest Implementation-Title FastClasspathScanner High Product file name fast-classpath-scanner High Version file version 2.0.13 High Version pom version 2.0.13 Highest Version Manifest Bundle-Version 2.0.13 High Version Manifest Implementation-Version 2.0.13 High
Related Dependencies fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fast-classpath-scanner-2.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/fast-classpath-scanner-2.0.13.jar MD5: 57606ae1a69410cb46a534c2ab783cdf SHA1: 9a19e36a388037f0b632a66684653dd09352c610 SHA256: d21ce8c9abf59f1d45a1f7bb18b7d136637f3f18e422345e3bcb677faeaf34fc fastjson-1.2.70.jarDescription:
Fastjson is a JSON processor (JSON parser + JSON generator) written in Java License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/fastjson-1.2.70.jar
MD5: b5b9cec4ce6b5ca134c9092aea2224c4
SHA1: 77e20a36181005ad6d838254d52b3fa949e95dfe
SHA256: cdde33b0152875b62dce0420177e7788a41050e0b0df805116ead89dc959a9d0
Evidence Type Source Name Value Confidence Vendor jar package name alibaba Highest Vendor pom artifactid fastjson Low Vendor jar package name fastjson Low Vendor file name fastjson High Vendor pom organization url alibaba Medium Vendor pom url alibaba/fastjson Highest Vendor jar package name fastjson Highest Vendor pom name fastjson High Vendor pom organization name Alibaba Group High Vendor pom groupid alibaba Highest Vendor jar package name alibaba Low Vendor jar package name parser Highest Product jar package name alibaba Highest Product pom name fastjson High Product jar package name fastjson Low Product file name fastjson High Product pom url alibaba/fastjson High Product pom groupid alibaba Highest Product pom url alibaba High Product pom artifactid fastjson Highest Product jar package name fastjson Highest Product pom organization name Alibaba Group Low Product jar package name parser Highest Version pom version 1.2.70 Highest Version file version 1.2.70 High
fever-batch-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/fever-batch-0.0.3-SNAPSHOT.jarMD5: 9ce425d5a08b0f072f18f7f9a8445610SHA1: 0967c873a3b8a83560b3e295754fa401e24ebc31SHA256: 3bc78d5c24e6ace1b8ebc697ada962c3ca19435e5987d1099b080499e4942993
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom artifactid fever-batch Low Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-batch/ Low Vendor jar package name github Highest Vendor file name fever-batch High Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor pom name fever-batch High Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product jar package name fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product pom name fever-batch High Product pom parent-artifactid fever-parent Medium Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-batch/ Low Product pom artifactid fever-batch Highest Product jar package name fever Highest Product jar package name github Highest Product file name fever-batch High Product Manifest Implementation-Title fever-batch High Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2019-3774 suppress
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
fever-common-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/fever-common-0.0.3-SNAPSHOT.jarMD5: 0562ac25fa058c8acea14a484e3d4c40SHA1: baca401c12bda31825b6ee848563f9d2d071a5fbSHA256: 23764afb37ec1ac2bf50c4c2ffa8cfdd6e6c00e5fbe443e4901376423659dbd7
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom name fever-common High Vendor jar package name github Highest Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor pom artifactid fever-common Low Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-common/ Low Vendor file name fever-common High Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product jar package name fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product pom artifactid fever-common Highest Product Manifest Implementation-Title fever-common High Product pom parent-artifactid fever-parent Medium Product pom name fever-common High Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-common/ Low Product file name fever-common High Product jar package name fever Highest Product jar package name github Highest Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Related Dependencies fever-common-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/fever-common-0.0.3-SNAPSHOT.jar MD5: 0562ac25fa058c8acea14a484e3d4c40 SHA1: baca401c12bda31825b6ee848563f9d2d071a5fb SHA256: 23764afb37ec1ac2bf50c4c2ffa8cfdd6e6c00e5fbe443e4901376423659dbd7 fever-common-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/fever-common-0.0.3-SNAPSHOT.jar MD5: 0562ac25fa058c8acea14a484e3d4c40 SHA1: baca401c12bda31825b6ee848563f9d2d071a5fb SHA256: 23764afb37ec1ac2bf50c4c2ffa8cfdd6e6c00e5fbe443e4901376423659dbd7 fever-common-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/fever-common-0.0.3-SNAPSHOT.jar MD5: 0562ac25fa058c8acea14a484e3d4c40 SHA1: baca401c12bda31825b6ee848563f9d2d071a5fb SHA256: 23764afb37ec1ac2bf50c4c2ffa8cfdd6e6c00e5fbe443e4901376423659dbd7 fever-common-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/fever-common-0.0.3-SNAPSHOT.jar MD5: 0562ac25fa058c8acea14a484e3d4c40 SHA1: baca401c12bda31825b6ee848563f9d2d071a5fb SHA256: 23764afb37ec1ac2bf50c4c2ffa8cfdd6e6c00e5fbe443e4901376423659dbd7 Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-config-center-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/fever-config-center-0.0.3-SNAPSHOT.jarMD5: e0b381e73dcd81bd39aff14fcf9ec004SHA1: e8047f507bd2e6970bfb21d498b6d31a215d88fcSHA256: f7c18f3bd3129fecafc2e71094a182be1501b9e00006470672d00f17fe610c04
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom parent-artifactid fever-parent Low Vendor pom artifactid fever-config-center Low Vendor file name fever-config-center High Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-config-center/ Low Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Vendor pom name fever-config-center High Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product pom artifactid fever-config-center Highest Product pom parent-artifactid fever-parent Medium Product file name fever-config-center High Product Manifest Implementation-Title fever-config-center High Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-config-center/ Low Product pom name fever-config-center High Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-elasticsearch-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/fever-elasticsearch-0.0.3-SNAPSHOT.jarMD5: 3c9ed2e927a6d58121c026904e7427a1SHA1: 7224553764003b4f0dc384b49f2b863d68f1a8d5SHA256: f512b64c4503f76ee5f0475471891cea682529d2bc818d83d981effb622a7f66
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom name fever-elasticsearch High Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-elasticsearch/ Low Vendor jar package name github Highest Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor file name fever-elasticsearch High Vendor pom artifactid fever-elasticsearch Low Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product jar package name fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product pom artifactid fever-elasticsearch Highest Product file name fever-elasticsearch High Product pom parent-artifactid fever-parent Medium Product pom name fever-elasticsearch High Product jar package name fever Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-elasticsearch/ Low Product Manifest Implementation-Title fever-elasticsearch High Product jar package name github Highest Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Related Dependencies fever-elasticsearch-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/fever-elasticsearch-0.0.3-SNAPSHOT.jar MD5: 3c9ed2e927a6d58121c026904e7427a1 SHA1: 7224553764003b4f0dc384b49f2b863d68f1a8d5 SHA256: f512b64c4503f76ee5f0475471891cea682529d2bc818d83d981effb622a7f66 fever-elasticsearch-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/fever-elasticsearch-0.0.3-SNAPSHOT.jar MD5: 3c9ed2e927a6d58121c026904e7427a1 SHA1: 7224553764003b4f0dc384b49f2b863d68f1a8d5 SHA256: f512b64c4503f76ee5f0475471891cea682529d2bc818d83d981effb622a7f66 Published Vulnerabilities CVE-2014-3120 suppress
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. CWE-284 Improper Access Control
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions:
CVE-2014-6439 suppress
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2015-1427 suppress
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. CWE-284 Improper Access Control
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2015-3337 suppress
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2015-5531 suppress
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions:
fever-mail-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/fever-mail-0.0.3-SNAPSHOT.jarMD5: 5d3f4adc03a68a9df754340c77b7d134SHA1: 1d624d19284d5eb243fb905dcffd674d893e6a9cSHA256: 4c851957418eb13ab6a6dbfb520ca6410ca0710f073847e8fb79996e3f179299
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor file name fever-mail High Vendor pom artifactid fever-mail Low Vendor jar package name mail Highest Vendor jar package name github Highest Vendor jar package name fanfever Highest Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-mail/ Low Vendor pom parent-artifactid fever-parent Low Vendor pom name fever-mail High Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product Manifest Implementation-Title fever-mail High Product file name fever-mail High Product pom parent-artifactid fever-parent Medium Product jar package name mail Highest Product jar package name github Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-mail/ Low Product jar package name fanfever Highest Product pom name fever-mail High Product pom artifactid fever-mail Highest Product jar package name fever Highest Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-metrics-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/fever-metrics-0.0.3-SNAPSHOT.jarMD5: ba4042efc4fba79ae2ec74533c9d4202SHA1: 59786fecbbd90e86a3f56847611a2dad24415604SHA256: 19ea1da67dc2bdb587b4a8b429094bc5791c7fc8c73ffafc6ed19aaec0106e68
Evidence Type Source Name Value Confidence Vendor file name fever-metrics High Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor jar package name github Highest Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-metrics/ Low Vendor pom name fever-metrics High Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor pom artifactid fever-metrics Low Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product file name fever-metrics High Product pom groupid github.fanfever Highest Product jar package name fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product Manifest Implementation-Title fever-metrics High Product pom parent-artifactid fever-parent Medium Product jar package name fever Highest Product pom artifactid fever-metrics Highest Product jar package name github Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-metrics/ Low Product pom name fever-metrics High Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-migration-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/fever-migration-0.0.3-SNAPSHOT.jarMD5: 059a0f1263eed5f49bebd8d01234cd0bSHA1: 78a59657bac6ffd46ef8f37ef278f07efcbfd331SHA256: 3f8beeeecb9424bf68617120529e9fc69286b7cf0020c14cd118877fd8413e34
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom parent-artifactid fever-parent Low Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-migration/ Low Vendor file name fever-migration High Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor pom artifactid fever-migration Low Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Vendor pom name fever-migration High Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product Manifest Implementation-Title fever-migration High Product pom parent-artifactid fever-parent Medium Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-migration/ Low Product file name fever-migration High Product pom artifactid fever-migration Highest Product pom name fever-migration High Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-search-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/fever-search-0.0.3-SNAPSHOT.jarMD5: 3582587635696f7462459f4aec1d2056SHA1: 5d24af924954c12f4ce986f3ca1a90b49d7a539cSHA256: 2bbba5c8732a4b9bf95aba122d436d919dd5218ef6efe74535b633b058413fda
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom artifactid fever-search Low Vendor file name fever-search High Vendor jar package name github Highest Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor pom name fever-search High Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-search/ Low Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product jar package name fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product Manifest Implementation-Title fever-search High Product pom artifactid fever-search Highest Product pom parent-artifactid fever-parent Medium Product pom name fever-search High Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-search/ Low Product file name fever-search High Product jar package name fever Highest Product jar package name github Highest Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2008-0199 suppress
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P References:
Vulnerable Software & Versions:
CVE-2008-0207 suppress
Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N References:
Vulnerable Software & Versions:
fever-shiro-redis-0.0.3-SNAPSHOT.jarDescription:
An implement of redis cache can be used by shiro. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/fever-shiro-redis-0.0.3-SNAPSHOT.jarMD5: dc87ed5d0be2bad9f8b39e79f6902a5eSHA1: e722311dd25b8e4ba78727f4f9d5428f4b716b84SHA256: e8c85ac8055de89d5f3de02093e6811fa3e5aca213cc8a4602262479431601d6
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor jar package name shiro Highest Vendor pom artifactid fever-shiro-redis Low Vendor jar package name github Highest Vendor file name fever-shiro-redis High Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-shiro-redis/ Low Vendor jar package name fever Highest Vendor pom name fever-shiro-redis High Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product jar package name shiro Highest Product pom parent-artifactid fever-parent Medium Product Manifest Implementation-Title fever-shiro-redis High Product jar package name github Highest Product file name fever-shiro-redis High Product pom artifactid fever-shiro-redis Highest Product jar package name fanfever Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-shiro-redis/ Low Product jar package name fever Highest Product pom name fever-shiro-redis High Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-sms-http-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/fever-sms-http-0.0.3-SNAPSHOT.jarMD5: ae803ee2d64f775536faaed5c52bd453SHA1: 463dacceabb44f104b97d7605e511430f6b4617eSHA256: f9d68cb690488b5d50709ed4c99e1d3ec10e713674bbd09ba397d71fca62c1fa
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor jar package name sms Highest Vendor pom name fever-sms-http High Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-sms-http/ Low Vendor pom artifactid fever-sms-http Low Vendor jar package name github Highest Vendor jar package name fanfever Highest Vendor file name fever-sms-http High Vendor pom parent-artifactid fever-parent Low Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product jar package name sms Highest Product pom name fever-sms-http High Product pom parent-artifactid fever-parent Medium Product Manifest Implementation-Title fever-sms-http High Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-sms-http/ Low Product jar package name github Highest Product jar package name fanfever Highest Product file name fever-sms-http High Product pom artifactid fever-sms-http Highest Product jar package name fever Highest Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2005-2311 suppress
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files. NVD-CWE-Other
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:N References:
Vulnerable Software & Versions:
fever-upload-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/fever-upload-0.0.3-SNAPSHOT.jarMD5: 7119171b12b8f4f39f4398a4ceba1b2bSHA1: b694902c54ca460076b645122faadae0f79a4b00SHA256: 0c01a53b1ac0086f6152f35c45604acbc4ff828624ea1539198dc47b9bc6d7df
Evidence Type Source Name Value Confidence Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor pom artifactid fever-upload Low Vendor jar package name github Highest Vendor jar package name upload Highest Vendor jar package name fanfever Highest Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-upload/ Low Vendor pom parent-artifactid fever-parent Low Vendor pom name fever-upload High Vendor file name fever-upload High Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product pom parent-artifactid fever-parent Medium Product jar package name github Highest Product jar package name upload Highest Product jar package name fanfever Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-upload/ Low Product pom artifactid fever-upload Highest Product pom name fever-upload High Product file name fever-upload High Product jar package name fever Highest Product Manifest Implementation-Title fever-upload High Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
fever-web-0.0.3-SNAPSHOT.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/fever-web-0.0.3-SNAPSHOT.jarMD5: 83d5561c1fd3344803681436e5843151SHA1: 5c65ae00a4927c0743853f9d9906da06d8663482SHA256: d1ec8bc8800b97f3df8121ff03141b9ec51cce3a895c0d027c3f6f769fdb3d5d
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-web/ Low Vendor pom groupid github.fanfever Highest Vendor pom parent-groupid com.github.fanfever Medium Vendor jar package name web Highest Vendor file name fever-web High Vendor pom artifactid fever-web Low Vendor jar package name github Highest Vendor jar package name fanfever Highest Vendor pom parent-artifactid fever-parent Low Vendor pom name fever-web High Vendor jar package name fever Highest Vendor Manifest Implementation-Vendor-Id com.github.fanfever Medium Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product Manifest implementation-url http://projects.spring.io/spring-boot/fever-parent/fever-web/ Low Product pom groupid github.fanfever Highest Product pom parent-groupid com.github.fanfever Medium Product jar package name web Highest Product file name fever-web High Product pom parent-artifactid fever-parent Medium Product pom artifactid fever-web Highest Product Manifest Implementation-Title fever-web High Product jar package name github Highest Product jar package name fanfever Highest Product pom name fever-web High Product jar package name fever Highest Version pom version 0.0.3-SNAPSHOT Highest Version Manifest Implementation-Version 0.0.3-SNAPSHOT High
Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
file-management-1.2.1.jarDescription:
API to collect files from a given directory using several include/exclude rules. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/file-management-1.2.1.jarMD5: 8ff176dd87a81b6fe54b47bc10136656SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820eaSHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e
Evidence Type Source Name Value Confidence Vendor jar package name shared Highest Vendor jar package name maven Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.shared Medium Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid apache.maven.shared Highest Vendor file name file-management High Vendor pom artifactid file-management Low Vendor pom parent-groupid org.apache.maven.shared Medium Vendor pom name Maven File Management API High Vendor pom parent-artifactid maven-shared-components Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product jar package name shared Highest Product Manifest specification-title Maven File Management API Medium Product jar package name maven Highest Product pom groupid apache.maven.shared Highest Product file name file-management High Product pom artifactid file-management Highest Product pom parent-groupid org.apache.maven.shared Medium Product pom parent-artifactid maven-shared-components Medium Product pom name Maven File Management API High Product jar package name apache Highest Product Manifest Implementation-Title Maven File Management API High Version file version 1.2.1 High Version pom parent-version 1.2.1 Low Version Manifest Implementation-Version 1.2.1 High Version pom version 1.2.1 Highest
Related Dependencies file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e file-management-1.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/file-management-1.2.1.jar MD5: 8ff176dd87a81b6fe54b47bc10136656 SHA1: 8f98bcaa7fd3625a172fd3de10bba8c32b9820ea SHA256: 009478892149c0141645276d2c74094e7db595a48765b74834565b1dd25b454e fluent-hc-4.5.3.jarDescription:
Apache HttpComponents Client fluent API
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/fluent-hc-4.5.3.jarMD5: 902baa6df5f6d20f96d03a7b3453d1adSHA1: 76487e3a4fa77b2dd6cb1927ea423e220d7efbabSHA256: 7047412674c28bac2fac86548f94eec19ecc84ac54e055b756f78839fcaff1e4
Evidence Type Source Name Value Confidence Vendor Manifest url http://hc.apache.org/httpcomponents-client Low Vendor pom name Apache HttpClient Fluent API High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor jar package name fluent Highest Vendor pom groupid apache.httpcomponents Highest Vendor jar package name apache Highest Vendor pom url http://hc.apache.org/httpcomponents-client Highest Vendor file name fluent-hc High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid fluent-hc Low Vendor Manifest implementation-build tags/4.5.3-RC1/fluent-hc@r1779741; 2017-01-21 16:58:35+0100 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor pom parent-artifactid httpcomponents-client Low Vendor jar package name client Highest Product Manifest url http://hc.apache.org/httpcomponents-client Low Product pom name Apache HttpClient Fluent API High Product jar package name fluent Highest Product pom artifactid fluent-hc Highest Product pom groupid apache.httpcomponents Highest Product jar package name apache Highest Product pom url http://hc.apache.org/httpcomponents-client Medium Product file name fluent-hc High Product jar package name http Highest Product Manifest implementation-build tags/4.5.3-RC1/fluent-hc@r1779741; 2017-01-21 16:58:35+0100 Low Product pom parent-groupid org.apache.httpcomponents Medium Product Manifest specification-title HttpComponents Apache HttpClient Fluent API Medium Product pom parent-artifactid httpcomponents-client Medium Product Manifest Implementation-Title HttpComponents Apache HttpClient Fluent API High Product jar package name client Highest Version pom version 4.5.3 Highest Version file version 4.5.3 High Version Manifest Implementation-Version 4.5.3 High
fluent-validator-1.0.5.jarDescription:
A simple Java validation framework leveraging fluent interface style and JSR 303 specification
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/fluent-validator-1.0.5.jarMD5: e47ed612b502e4ccfd786f3e50b20aa8SHA1: a8c53431fbef942e74e664b2c02d4291c34117b3SHA256: 3aa509f18bdc40496f5362ebcbbf1a8137d6ac94658a3d7dc9a1898e596a6c38
Evidence Type Source Name Value Confidence Vendor pom artifactid fluent-validator Low Vendor jar package name validator Highest Vendor pom parent-artifactid fluent-validator-parent Low Vendor pom groupid baidu.unbiz Highest Vendor jar package name unbiz Highest Vendor jar package name fluentvalidator Low Vendor jar package name unbiz Low Vendor file name fluent-validator High Vendor pom parent-groupid com.baidu.unbiz Medium Vendor jar package name baidu Low Vendor jar package name baidu Highest Vendor pom name fluent-validator High Product jar package name baidu Highest Product jar package name validator Highest Product pom groupid baidu.unbiz Highest Product pom name fluent-validator High Product jar package name unbiz Highest Product jar package name fluentvalidator Low Product jar package name unbiz Low Product pom artifactid fluent-validator Highest Product file name fluent-validator High Product pom parent-groupid com.baidu.unbiz Medium Product pom parent-artifactid fluent-validator-parent Medium Version pom version 1.0.5 Highest Version file version 1.0.5 High
fluent-validator-jsr303-1.0.5.jarDescription:
A simple Java validation framework leveraging fluent interface style and JSR 303 specification
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/fluent-validator-jsr303-1.0.5.jarMD5: 632c4e55f64a8ac4e98836cb28547ba8SHA1: 98634cbd3891c6323854743bcfc546b6d7782671SHA256: 2f8a67618c64992851ba3ab4299c20ad388b015816d2c34bff0b2fa373357241
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid fluent-validator-parent Low Vendor pom groupid baidu.unbiz Highest Vendor jar package name unbiz Highest Vendor jar package name fluentvalidator Low Vendor jar package name unbiz Low Vendor pom parent-groupid com.baidu.unbiz Medium Vendor jar package name baidu Low Vendor pom name fluent-validator-jsr303 High Vendor jar package name baidu Highest Vendor jar package name jsr303 Highest Vendor pom artifactid fluent-validator-jsr303 Low Vendor file name fluent-validator-jsr303 High Product pom groupid baidu.unbiz Highest Product jar package name unbiz Highest Product jar package name fluentvalidator Low Product jar package name unbiz Low Product pom parent-groupid com.baidu.unbiz Medium Product pom name fluent-validator-jsr303 High Product jar package name baidu Highest Product jar package name jsr303 Highest Product pom parent-artifactid fluent-validator-parent Medium Product file name fluent-validator-jsr303 High Product pom artifactid fluent-validator-jsr303 Highest Product jar package name jsr303 Low Version pom version 1.0.5 Highest Version file version 1.0.5 High
fluent-validator-spring-1.0.5.jarDescription:
A simple Java validation framework leveraging fluent interface style and JSR 303 specification
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/fluent-validator-spring-1.0.5.jarMD5: 76422bad11c592d626193e6ff1935ce1SHA1: 381e3509590d48e0a142ddc49f25e134c1277d73SHA256: db89e3d1ae20b2f3eaa3cc67ae17387ac25c28f505103ca2082b16bd79557efb
Evidence Type Source Name Value Confidence Vendor jar package name validator Highest Vendor pom parent-artifactid fluent-validator-parent Low Vendor pom groupid baidu.unbiz Highest Vendor jar package name unbiz Highest Vendor jar package name fluentvalidator Low Vendor jar package name unbiz Low Vendor pom artifactid fluent-validator-spring Low Vendor pom parent-groupid com.baidu.unbiz Medium Vendor jar package name baidu Low Vendor jar package name baidu Highest Vendor file name fluent-validator-spring High Vendor pom name fluent-validator-spring High Product pom artifactid fluent-validator-spring Highest Product jar package name baidu Highest Product jar package name validator Highest Product pom groupid baidu.unbiz Highest Product file name fluent-validator-spring High Product jar package name unbiz Highest Product jar package name fluentvalidator Low Product jar package name unbiz Low Product pom name fluent-validator-spring High Product pom parent-groupid com.baidu.unbiz Medium Product pom parent-artifactid fluent-validator-parent Medium Version pom version 1.0.5 Highest Version file version 1.0.5 High
flyway-core-3.2.1.jarDescription:
Flyway: Database Migrations Made Easy. License:
Apache License, Version 2.0: https://github.com/flyway/flyway/blob/master/LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/flyway-core-3.2.1.jar
MD5: 86ffc06045433c1e8178c0af02903a07
SHA1: 88347e9a484152e9b80fbad7648d1b552a8cff78
SHA256: 81e069eecd8632078cce93f2faa96c1704c568cfa242210f894c55dcee626c94
Evidence Type Source Name Value Confidence Vendor pom name ${project.artifactId} High Vendor Manifest bundle-symbolicname org.flywaydb.core Medium Vendor pom groupid flywaydb Highest Vendor jar package name core Highest Vendor pom parent-groupid org.flywaydb Medium Vendor pom artifactid flyway-core Low Vendor file name flyway-core High Vendor jar package name flywaydb Highest Vendor jar package name flyway Highest Vendor pom parent-artifactid flyway-parent Low Product pom name ${project.artifactId} High Product Manifest bundle-symbolicname org.flywaydb.core Medium Product pom artifactid flyway-core Highest Product Manifest Bundle-Name flyway-core Medium Product pom groupid flywaydb Highest Product pom parent-artifactid flyway-parent Medium Product jar package name core Highest Product pom parent-groupid org.flywaydb Medium Product file name flyway-core High Product jar package name flyway Highest Product jar package name flywaydb Highest Version pom version 3.2.1 Highest Version file version 3.2.1 High Version Manifest Bundle-Version 3.2.1 High
gherkin-2.12.2.jarDescription:
Pure Java Gherkin License:
MIT License: http://www.opensource.org/licenses/mit-license File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/gherkin-2.12.2.jar
MD5: 4f9d2052404a4dd642714c345e389f64
SHA1: 017138631fa20fd0e44a13e50d6b7be59cee1a94
SHA256: 0a5ebc0506ab1e4a08af1ca150f797304ff53b953c5b1f6fcf1f81551d964aad
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname info.cukes.gherkin Medium Vendor pom artifactid gherkin Low Vendor pom groupid info.cukes Highest Vendor pom name Gherkin High Vendor file name gherkin High Vendor jar package name gherkin Highest Vendor pom url cucumber/gherkin Highest Product Manifest bundle-symbolicname info.cukes.gherkin Medium Product pom groupid info.cukes Highest Product pom name Gherkin High Product pom url cucumber/gherkin High Product file name gherkin High Product jar package name gherkin Highest Product pom artifactid gherkin Highest Product Manifest Bundle-Name Gherkin Medium Version file version 2.12.2 High Version pom version 2.12.2 Highest Version Manifest Bundle-Version 2.12.2 High
guava-21.0.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/guava-21.0.jar
MD5: ddc91fd850fa6177c91aab5d4e4d1fa6
SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709
SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor file name guava High Vendor pom groupid google.guava Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor pom name Guava: Google Core Libraries for Java High Vendor jar package name google Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid guava Low Vendor pom parent-artifactid guava-parent Low Product Manifest bundle-docurl https://github.com/google/guava/ Low Product file name guava High Product pom groupid google.guava Highest Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product jar package name google Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid guava Highest Version file version 21.0 High Version pom version 21.0 Highest
Related Dependencies guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 guava-21.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/guava-21.0.jar MD5: ddc91fd850fa6177c91aab5d4e4d1fa6 SHA1: 3a3d111be1be1b745edfa7d91678a12d7ed38709 SHA256: 972139718abc8a4893fa78cba8cf7b2c903f35c97aaf44fa3031b0669948b480 Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion MISC - https://www.oracle.com/security-alerts/cpujul2020.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
h2-1.4.193.jarDescription:
H2 Database Engine License:
MPL 2.0 or EPL 1.0: http://h2database.com/html/license.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/h2-1.4.193.jar
MD5: 4bb66a982f387e617e0e406f3b6de2cf
SHA1: 369b51e2090c4e6714d9d5e42010b6330c2cea26
SHA256: b1cf34c64871014aa73580281cc464dfa72450d8860cc0752fc175e87edd6544
Evidence Type Source Name Value Confidence Vendor file name h2 High Vendor jar package name h2 Low Vendor pom groupid h2database Highest Vendor Manifest bundle-symbolicname org.h2 Medium Vendor jar package name h2 Highest Vendor Manifest implementation-url http://www.h2database.com Low Vendor pom name H2 Database Engine High Vendor Manifest bundle-category jdbc Low Vendor central groupid com.h2database Highest Vendor pom artifactid h2 Low Vendor pom url http://www.h2database.com Highest Product pom groupid h2database Highest Product Manifest Bundle-Name H2 Database Engine Medium Product pom artifactid h2 Highest Product Manifest implementation-url http://www.h2database.com Low Product central artifactid h2 Highest Product pom url http://www.h2database.com Medium Product jar package name engine Highest Product pom name H2 Database Engine High Product Manifest bundle-category jdbc Low Product file name h2 High Product jar package name h2 Highest Product Manifest bundle-symbolicname org.h2 Medium Product Manifest Implementation-Title H2 Database Engine High Product jar package name database Highest Product jar package name jdbc Highest Version Manifest Bundle-Version 1.4.193 High Version central version 1.4.193 Highest Version Manifest Implementation-Version 1.4.193 High Version file version 1.4.193 High Version pom version 1.4.193 Highest
h2-1.4.193.jar: data.zip: table.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/h2-1.4.193.jar/org/h2/util/data.zip/org/h2/server/web/res/table.jsMD5: a914a66de53dcdeb39684f1ce8ce8527SHA1: c41ef5fb193ac25622f4e129470339aec24d731aSHA256: 8c5b079b38e94718bb58a71b0e310bad6c1004670a19c1bc0f63b32fdd81134a
Evidence Type Source Name Value Confidence
h2-1.4.193.jar: data.zip: tree.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/h2-1.4.193.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.jsMD5: 495277155635a72b0c69f987d938b6e1SHA1: 446cad47e33a62baf330ee5200646b5ccb9c0df9SHA256: 14c797bd700570c38e8af1aa50ecea205a385be466ec9431e46dbe586ce7a61c
Evidence Type Source Name Value Confidence
hamcrest-core-1.3.jarDescription:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/hamcrest-core-1.3.jarMD5: 6393363b47ddcbba82321110c3e07519SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Evidence Type Source Name Value Confidence Vendor pom groupid hamcrest Highest Vendor pom parent-groupid org.hamcrest Medium Vendor file name hamcrest-core High Vendor pom name Hamcrest Core High Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom parent-artifactid hamcrest-parent Low Vendor pom artifactid hamcrest-core Low Vendor jar package name hamcrest Low Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor central groupid org.hamcrest Highest Vendor jar package name hamcrest Highest Product central artifactid hamcrest-core Highest Product pom groupid hamcrest Highest Product pom parent-groupid org.hamcrest Medium Product pom artifactid hamcrest-core Highest Product file name hamcrest-core High Product pom name Hamcrest Core High Product Manifest Implementation-Title hamcrest-core High Product jar package name core Highest Product Manifest built-date 2012-07-09 19:49:34 Low Product pom parent-artifactid hamcrest-parent Medium Product jar package name hamcrest Highest Version Manifest Implementation-Version 1.3 High Version central version 1.3 Highest Version file version 1.3 High Version pom version 1.3 Highest
Related Dependencies hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-core-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 hamcrest-library-1.3.jarDescription:
Hamcrest library of matcher implementations.
License:
GraphDB Free License: http://graphdb.ontotext.com/LICENSE-GraphDB-Free.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/hamcrest-library-1.3.jar
MD5: 110ad2ea84f7031a1798648b6b318e79
SHA1: 4785a3c21320980282f9f33d0d1264a69040538f
SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c
Evidence Type Source Name Value Confidence Vendor central groupid com.ontotext.graphdb High Vendor pom artifactid graphdb-free-runtime Low Vendor central groupid org.hamcrest High Vendor pom groupid ontotext.graphdb Highest Vendor pom name GraphDB Free Runtime High Vendor jar package name hamcrest Low Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor jar package name hamcrest Highest Vendor pom groupid hamcrest Highest Vendor pom parent-groupid org.hamcrest Medium Vendor pom name Hamcrest library High Vendor pom url http://graphdb.ontotext.com Highest Vendor file name hamcrest-library High Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom parent-artifactid hamcrest-parent Low Vendor pom artifactid hamcrest-library Low Product pom url http://graphdb.ontotext.com Medium Product central artifactid graphdb-free-runtime High Product pom groupid ontotext.graphdb Highest Product pom name GraphDB Free Runtime High Product Manifest built-date 2012-07-09 19:49:34 Low Product pom parent-artifactid hamcrest-parent Medium Product jar package name hamcrest Highest Product central artifactid hamcrest-library High Product pom groupid hamcrest Highest Product pom parent-groupid org.hamcrest Medium Product pom name Hamcrest library High Product pom artifactid hamcrest-library Highest Product file name hamcrest-library High Product Manifest Implementation-Title hamcrest-library High Product pom artifactid graphdb-free-runtime Highest Version Manifest Implementation-Version 1.3 High Version file version 1.3 High Version central version 1.3 High Version pom version 1.3 Highest
Related Dependencies hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hamcrest-library-1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/hamcrest-library-1.3.jar MD5: 110ad2ea84f7031a1798648b6b318e79 SHA1: 4785a3c21320980282f9f33d0d1264a69040538f SHA256: 711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c hazelcast-3.7.5.jarDescription:
Core Hazelcast Module License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/hazelcast-3.7.5.jar
MD5: a21298b08d3d5a8949afcea8c8996f1e
SHA1: d74eee1a50adbc48c974c0fac3984b9f2e3ff676
SHA256: dfc041f47af13dcad307503e7c050dfd36aef301096426ffd3eeb571c53e86ca
Evidence Type Source Name Value Confidence Vendor pom name hazelcast High Vendor pom groupid hazelcast Highest Vendor Manifest Implementation-Vendor Hazelcast, Inc. High Vendor jar package name core Highest Vendor Manifest Implementation-Vendor-Id com.hazelcast Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor jar package name com Highest Vendor file name hazelcast High Vendor pom artifactid hazelcast Low Vendor jar package name hazelcast Highest Vendor Manifest bundle-symbolicname com.hazelcast Medium Vendor pom parent-groupid com.hazelcast Medium Vendor pom parent-artifactid hazelcast-root Low Vendor Manifest bundle-docurl http://www.hazelcast.com/ Low Product pom name hazelcast High Product pom groupid hazelcast Highest Product jar package name core Highest Product pom artifactid hazelcast Highest Product Manifest Implementation-Title hazelcast High Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product jar package name com Highest Product file name hazelcast High Product Manifest specification-title hazelcast Medium Product jar package name hazelcast Highest Product pom parent-artifactid hazelcast-root Medium Product Manifest bundle-symbolicname com.hazelcast Medium Product pom parent-groupid com.hazelcast Medium Product Manifest Bundle-Name hazelcast Medium Product Manifest bundle-docurl http://www.hazelcast.com/ Low Version pom version 3.7.5 Highest Version Manifest Bundle-Version 3.7.5 High Version file version 3.7.5 High Version Manifest Implementation-Version 3.7.5 High
Related Dependencies hazelcast-3.7.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/hazelcast-3.7.5.jar MD5: a21298b08d3d5a8949afcea8c8996f1e SHA1: d74eee1a50adbc48c974c0fac3984b9f2e3ff676 SHA256: dfc041f47af13dcad307503e7c050dfd36aef301096426ffd3eeb571c53e86ca hazelcast-3.7.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/hazelcast-3.7.5.jar MD5: a21298b08d3d5a8949afcea8c8996f1e SHA1: d74eee1a50adbc48c974c0fac3984b9f2e3ff676 SHA256: dfc041f47af13dcad307503e7c050dfd36aef301096426ffd3eeb571c53e86ca hazelcast-3.7.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/hazelcast-3.7.5.jar MD5: a21298b08d3d5a8949afcea8c8996f1e SHA1: d74eee1a50adbc48c974c0fac3984b9f2e3ff676 SHA256: dfc041f47af13dcad307503e7c050dfd36aef301096426ffd3eeb571c53e86ca hazelcast-3.7.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/hazelcast-3.7.5.jar MD5: a21298b08d3d5a8949afcea8c8996f1e SHA1: d74eee1a50adbc48c974c0fac3984b9f2e3ff676 SHA256: dfc041f47af13dcad307503e7c050dfd36aef301096426ffd3eeb571c53e86ca Published Vulnerabilities CVE-2016-10750 suppress
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
hazelcast-3.7.5.jar (shaded: com.eclipsesource.minimal-json:minimal-json:0.9.2-SNAPSHOT)Description:
A Minimal JSON Parser and Writer License:
MIT License: http://opensource.org/licenses/MIT File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/hazelcast-3.7.5.jar/META-INF/maven/com.eclipsesource.minimal-json/minimal-json/pom.xml
MD5: ae5eb6ecf5f051dd566d8f2c6af93440
SHA1: 639ffcaea95015a3f940cebd93608c5c1976cea1
SHA256: 6684c9ccba201852e46f6d4adb0845ee362240ec910504ee31b4be6b4e06be3c
Evidence Type Source Name Value Confidence Vendor pom artifactid minimal-json Low Vendor pom groupid eclipsesource.minimal-json Highest Vendor pom url ralfstx/minimal-json Highest Vendor pom name minimal-json High Product pom groupid eclipsesource.minimal-json Highest Product pom url ralfstx/minimal-json High Product pom artifactid minimal-json Highest Product pom name minimal-json High Version pom version 0.9.2-SNAPSHOT Highest
hazelcast-3.7.5.jar (shaded: com.hazelcast:hazelcast-client-protocol:1.3.3)Description:
Core Hazelcast Module File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/hazelcast-3.7.5.jar/META-INF/maven/com.hazelcast/hazelcast-client-protocol/pom.xmlMD5: 525e34481def2215e0dbf8a215aa6104SHA1: 674c055f4ef6b69163b8a44345d64dcc7a9846b7SHA256: 0c054110a639d8d7b12565b4d6c10f76769f26770a74da9e8554e590a1a60d83
Evidence Type Source Name Value Confidence Vendor pom name hazelcast-client-protocol High Vendor pom artifactid hazelcast-client-protocol Low Vendor pom groupid hazelcast Highest Vendor pom parent-groupid com.hazelcast Medium Vendor pom parent-artifactid hazelcast-client-protocol-root Low Product pom name hazelcast-client-protocol High Product pom groupid hazelcast Highest Product pom artifactid hazelcast-client-protocol Highest Product pom parent-groupid com.hazelcast Medium Product pom parent-artifactid hazelcast-client-protocol-root Medium Version pom version 1.3.3 Highest
Published Vulnerabilities CVE-2016-10750 suppress
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
hibernate-validator-5.3.4.Final.jarDescription:
Hibernate's Bean Validation (JSR-303) reference implementation. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/hibernate-validator-5.3.4.Final.jar
MD5: 540c4f2374a74674f00e2f2691bb2cce
SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e
SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5
Evidence Type Source Name Value Confidence Vendor jar package name validator Highest Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest bundle-symbolicname org.hibernate.validator Medium Vendor pom name Hibernate Validator Engine High Vendor jar package name engine Highest Vendor Manifest Implementation-Vendor org.hibernate High Vendor pom parent-groupid org.hibernate Medium Vendor Manifest implementation-url http://hibernate.org/validator/ Low Vendor pom artifactid hibernate-validator Low Vendor file name hibernate-validator High Vendor jar package name hibernate Highest Vendor pom parent-artifactid hibernate-validator-parent Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid hibernate Highest Product jar package name validator Highest Product pom artifactid hibernate-validator Highest Product Manifest bundle-symbolicname org.hibernate.validator Medium Product pom name Hibernate Validator Engine High Product Manifest Bundle-Name Hibernate Validator Engine Medium Product jar package name engine Highest Product Manifest specification-title Bean Validation Medium Product pom parent-groupid org.hibernate Medium Product Manifest implementation-url http://hibernate.org/validator/ Low Product file name hibernate-validator High Product Manifest Implementation-Title hibernate-validator High Product pom parent-artifactid hibernate-validator-parent Medium Product jar package name hibernate Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid hibernate Highest Version Manifest Implementation-Version 5.3.4.Final High Version Manifest Bundle-Version 5.3.4.Final High Version pom version 5.3.4.Final Highest
Related Dependencies hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hibernate-validator-5.3.4.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/hibernate-validator-5.3.4.Final.jar MD5: 540c4f2374a74674f00e2f2691bb2cce SHA1: 2f6c8c0b646afe18e3ad205726729d3c4a85fe2e SHA256: b87d88d4faee39fb7aad20715d79b49c07c2b915df05faccb002bfcf0cb1f0e5 hppc-0.7.1.jarDescription:
High Performance Primitive Collections.
Fundamental data structures (maps, sets, lists, stacks, queues) generated for
combinations of object and primitive types to conserve JVM memory and speed
up execution. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/hppc-0.7.1.jarMD5: 2ff89be5b49144c330190cf7137c3a26SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767SHA256: 40d2a57f59e9eae7b018d3b4841954087ee40a5c1db6a54c3ea87742e3890391
Evidence Type Source Name Value Confidence Vendor pom groupid carrotsearch Highest Vendor pom parent-groupid com.carrotsearch Medium Vendor pom parent-artifactid hppc-parent Low Vendor jar package name hppc Low Vendor jar package name hppc Highest Vendor pom name HPPC Collections High Vendor jar package name carrotsearch Low Vendor jar package name carrotsearch Highest Vendor pom artifactid hppc Low Vendor file name hppc High Product pom groupid carrotsearch Highest Product pom parent-groupid com.carrotsearch Medium Product jar package name hppc Low Product jar package name hppc Highest Product pom name HPPC Collections High Product jar package name carrotsearch Highest Product file name hppc High Product pom artifactid hppc Highest Product pom parent-artifactid hppc-parent Medium Version file version 0.7.1 High Version pom version 0.7.1 Highest
Related Dependencies hppc-0.7.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/hppc-0.7.1.jar MD5: 2ff89be5b49144c330190cf7137c3a26 SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767 SHA256: 40d2a57f59e9eae7b018d3b4841954087ee40a5c1db6a54c3ea87742e3890391 hppc-0.7.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/hppc-0.7.1.jar MD5: 2ff89be5b49144c330190cf7137c3a26 SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767 SHA256: 40d2a57f59e9eae7b018d3b4841954087ee40a5c1db6a54c3ea87742e3890391 httpasyncclient-4.1.3.jarDescription:
Apache HttpComponents AsyncClient
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/httpasyncclient-4.1.3.jarMD5: 73d4a443918f4f7124339d2161e2ae54SHA1: 34c56f43fd3255fc239ffe33d0fbfb8195be6a24SHA256: 2865d141cf21418e9f70f886cdd92d2e2e9a52d636ddffe3a3aaae4e9c70d0a2
Evidence Type Source Name Value Confidence Vendor pom url http://hc.apache.org/httpcomponents-asyncclient Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest url http://hc.apache.org/httpcomponents-asyncclient Low Vendor pom groupid apache.httpcomponents Highest Vendor pom artifactid httpasyncclient Low Vendor file name httpasyncclient High Vendor jar package name apache Highest Vendor pom name Apache HttpAsyncClient High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-build tags/4.1.3-RC1/httpasyncclient@r1781751; 2017-02-05 14:37:11+0100 Low Vendor pom parent-artifactid httpcomponents-asyncclient Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.httpcomponents Medium Product Manifest specification-title HttpComponents Apache HttpAsyncClient Medium Product pom artifactid httpasyncclient Highest Product Manifest Implementation-Title HttpComponents Apache HttpAsyncClient High Product Manifest url http://hc.apache.org/httpcomponents-asyncclient Low Product pom groupid apache.httpcomponents Highest Product file name httpasyncclient High Product jar package name apache Highest Product pom name Apache HttpAsyncClient High Product jar package name http Highest Product Manifest implementation-build tags/4.1.3-RC1/httpasyncclient@r1781751; 2017-02-05 14:37:11+0100 Low Product pom parent-artifactid httpcomponents-asyncclient Medium Product pom parent-groupid org.apache.httpcomponents Medium Product pom url http://hc.apache.org/httpcomponents-asyncclient Medium Version Manifest Implementation-Version 4.1.3 High Version file version 4.1.3 High Version pom version 4.1.3 Highest
Related Dependencies httpasyncclient-4.1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/httpasyncclient-4.1.3.jar MD5: 73d4a443918f4f7124339d2161e2ae54 SHA1: 34c56f43fd3255fc239ffe33d0fbfb8195be6a24 SHA256: 2865d141cf21418e9f70f886cdd92d2e2e9a52d636ddffe3a3aaae4e9c70d0a2 httpasyncclient-4.1.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/httpasyncclient-4.1.3.jar MD5: 73d4a443918f4f7124339d2161e2ae54 SHA1: 34c56f43fd3255fc239ffe33d0fbfb8195be6a24 SHA256: 2865d141cf21418e9f70f886cdd92d2e2e9a52d636ddffe3a3aaae4e9c70d0a2 httpclient-4.5.3.jarDescription:
Apache HttpComponents Client
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/httpclient-4.5.3.jarMD5: 1965ebb7aca0f9f8faaed3870d8cf689SHA1: d1577ae15f01ef5438c5afc62162457c00a34713SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135
Evidence Type Source Name Value Confidence Vendor Manifest url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache HttpClient High Vendor pom groupid apache.httpcomponents Highest Vendor jar package name apache Highest Vendor pom url http://hc.apache.org/httpcomponents-client Highest Vendor pom artifactid httpclient Low Vendor file name httpclient High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name httpclient Highest Vendor Manifest implementation-build tags/4.5.3-RC1/httpclient@r1779741; 2017-01-21 16:58:35+0100 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor pom parent-artifactid httpcomponents-client Low Vendor jar package name client Highest Product Manifest url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title HttpComponents Apache HttpClient Medium Product pom name Apache HttpClient High Product pom groupid apache.httpcomponents Highest Product jar package name apache Highest Product pom url http://hc.apache.org/httpcomponents-client Medium Product file name httpclient High Product pom artifactid httpclient Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest Implementation-Title HttpComponents Apache HttpClient High Product Manifest implementation-build tags/4.5.3-RC1/httpclient@r1779741; 2017-01-21 16:58:35+0100 Low Product pom parent-groupid org.apache.httpcomponents Medium Product pom parent-artifactid httpcomponents-client Medium Product jar package name client Highest Version pom version 4.5.3 Highest Version file version 4.5.3 High Version Manifest Implementation-Version 4.5.3 High
Related Dependencies httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpclient-4.5.3.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/httpclient-4.5.3.jar MD5: 1965ebb7aca0f9f8faaed3870d8cf689 SHA1: d1577ae15f01ef5438c5afc62162457c00a34713 SHA256: db3d1b6c2d6a5e5ad47577ad61854e2f0e0936199b8e05eb541ed52349263135 httpcore-4.4.6.jarDescription:
Apache HttpComponents Core (blocking I/O)
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/httpcore-4.4.6.jarMD5: a9fbd503e0802507efeeaffb56bbdf52SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb
Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom groupid apache.httpcomponents Highest Vendor jar package name apache Highest Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom name Apache HttpCore High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-build tags/4.4.6-RC1/httpcore@r1777789; 2017-01-07 14:48:48+0100 Low Vendor pom parent-artifactid httpcomponents-core Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor pom artifactid httpcore Low Product file name httpcore High Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product pom groupid apache.httpcomponents Highest Product jar package name apache Highest Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom name Apache HttpCore High Product jar package name http Highest Product Manifest implementation-build tags/4.4.6-RC1/httpcore@r1777789; 2017-01-07 14:48:48+0100 Low Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Product Manifest specification-title HttpComponents Apache HttpCore Medium Product pom parent-groupid org.apache.httpcomponents Medium Product pom artifactid httpcore Highest Version file version 4.4.6 High Version Manifest Implementation-Version 4.4.6 High Version pom version 4.4.6 Highest
Related Dependencies httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-4.4.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/httpcore-4.4.6.jar MD5: a9fbd503e0802507efeeaffb56bbdf52 SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82 SHA256: d7f853dee87680b07293d30855b39b9eb56c1297bd16ff1cd6f19ddb8fa745fb httpcore-nio-4.4.5.jarDescription:
Apache HttpComponents Core (non-blocking I/O)
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/httpcore-nio-4.4.5.jarMD5: e570d76d11b6fdf941173ab78ae4288bSHA1: f4be009e7505f6ceddf21e7960c759f413f15056SHA256: 9da82cfb9f50318333d3892e00904f3b74af0825f0f6de32eea7090a2565d0d1
Evidence Type Source Name Value Confidence Vendor pom artifactid httpcore-nio Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom groupid apache.httpcomponents Highest Vendor jar package name apache Highest Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom name Apache HttpCore NIO High Vendor jar package name nio Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name httpcore-nio High Vendor pom parent-artifactid httpcomponents-core Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor Manifest implementation-build tags/4.4.5-RC1/httpcore-nio@r1747417; 2016-06-08 18:38:23+0200 Low Product Manifest specification-title HttpComponents Apache HttpCore NIO Medium Product pom parent-artifactid httpcomponents-core Medium Product pom groupid apache.httpcomponents Highest Product jar package name apache Highest Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom name Apache HttpCore NIO High Product jar package name nio Highest Product jar package name http Highest Product pom artifactid httpcore-nio Highest Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Product file name httpcore-nio High Product Manifest Implementation-Title HttpComponents Apache HttpCore NIO High Product pom parent-groupid org.apache.httpcomponents Medium Product Manifest implementation-build tags/4.4.5-RC1/httpcore-nio@r1747417; 2016-06-08 18:38:23+0200 Low Version file version 4.4.5 High Version Manifest Implementation-Version 4.4.5 High Version pom version 4.4.5 Highest
Related Dependencies httpcore-nio-4.4.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/httpcore-nio-4.4.5.jar MD5: e570d76d11b6fdf941173ab78ae4288b SHA1: f4be009e7505f6ceddf21e7960c759f413f15056 SHA256: 9da82cfb9f50318333d3892e00904f3b74af0825f0f6de32eea7090a2565d0d1 httpcore-nio-4.4.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/httpcore-nio-4.4.5.jar MD5: e570d76d11b6fdf941173ab78ae4288b SHA1: f4be009e7505f6ceddf21e7960c759f413f15056 SHA256: 9da82cfb9f50318333d3892e00904f3b74af0825f0f6de32eea7090a2565d0d1 httpmime-4.5.3.jarDescription:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/httpmime-4.5.3.jarMD5: a00b6287cab2ad554ae3cbdbe983dc88SHA1: 889fd6d061bb63b99dd5c6aba35a555ae863de52SHA256: b4865b79a3aaeef794220b532bc7b07f793fa4aad90c29e83cab2b835cd8ee06
Evidence Type Source Name Value Confidence Vendor Manifest url http://hc.apache.org/httpcomponents-client Low Vendor Manifest implementation-build tags/4.5.3-RC1/httpmime@r1779741; 2017-01-21 16:58:35+0100 Low Vendor jar package name mime Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom groupid apache.httpcomponents Highest Vendor jar package name apache Highest Vendor pom name Apache HttpClient Mime High Vendor pom url http://hc.apache.org/httpcomponents-client Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor pom parent-artifactid httpcomponents-client Low Vendor pom artifactid httpmime Low Vendor file name httpmime High Product Manifest url http://hc.apache.org/httpcomponents-client Low Product Manifest implementation-build tags/4.5.3-RC1/httpmime@r1779741; 2017-01-21 16:58:35+0100 Low Product jar package name mime Highest Product pom groupid apache.httpcomponents Highest Product jar package name apache Highest Product pom name Apache HttpClient Mime High Product pom url http://hc.apache.org/httpcomponents-client Medium Product jar package name http Highest Product Manifest Implementation-Title HttpComponents Apache HttpClient Mime High Product pom parent-groupid org.apache.httpcomponents Medium Product Manifest specification-title HttpComponents Apache HttpClient Mime Medium Product pom parent-artifactid httpcomponents-client Medium Product file name httpmime High Product pom artifactid httpmime Highest Version pom version 4.5.3 Highest Version file version 4.5.3 High Version Manifest Implementation-Version 4.5.3 High
hystrix-core-1.5.10.jarDescription:
hystrix-core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/hystrix-core-1.5.10.jar
MD5: 69aa77b66258c806392c22791226c53a
SHA1: cd46dd2533138019a0473ed16a333aaea4d4b7de
SHA256: 21efe0d01e2c2e736b48d98e0cfaca9ed5e6520edf8962214e242bea548e5f86
Evidence Type Source Name Value Confidence Vendor Manifest branch master Low Vendor central groupid com.netflix.hystrix Highest Vendor Manifest build-number 68 Low Vendor jar package name netflix Highest Vendor Manifest build-host https://netflixoss.ci.cloudbees.com/ Low Vendor Manifest built-os Linux Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name hystrix Highest Vendor jar package name hystrix Low Vendor Manifest bundle-symbolicname com.netflix.hystrix.core Medium Vendor Manifest build-job NetflixOSS/Hystrix/Hystrix-release Low Vendor pom artifactid hystrix-core Low Vendor Manifest bundle-docurl https://github.com/Netflix/Hystrix Low Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest change 4cf7e88 Low Vendor file name hystrix-core High Vendor Manifest built-status integration Low Vendor Manifest module-source /hystrix-core Low Vendor jar package name netflix Low Vendor pom groupid netflix.hystrix Highest Vendor Manifest module-email netflixoss@netflix.com Low Vendor pom url Netflix/Hystrix Highest Vendor Manifest build-date 2017-03-08_12:08:29 Low Vendor pom name hystrix-core High Vendor Manifest module-origin Netflix/Hystrix.git Low Vendor Manifest module-owner netflixoss@netflix.com Low Product pom artifactid hystrix-core Highest Product Manifest branch master Low Product pom url Netflix/Hystrix High Product central artifactid hystrix-core Highest Product Manifest build-number 68 Low Product jar package name netflix Highest Product Manifest build-host https://netflixoss.ci.cloudbees.com/ Low Product Manifest built-os Linux Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Bundle-Name hystrix-core Medium Product jar package name hystrix Highest Product jar package name hystrix Low Product Manifest bundle-symbolicname com.netflix.hystrix.core Medium Product Manifest build-job NetflixOSS/Hystrix/Hystrix-release Low Product Manifest bundle-docurl https://github.com/Netflix/Hystrix Low Product Manifest eclipse-extensibleapi true Low Product Manifest change 4cf7e88 Low Product file name hystrix-core High Product Manifest built-status integration Low Product Manifest module-source /hystrix-core Low Product pom groupid netflix.hystrix Highest Product Manifest module-email netflixoss@netflix.com Low Product Manifest Implementation-Title com.netflix.hystrix#hystrix-core;1.5.10 High Product Manifest build-date 2017-03-08_12:08:29 Low Product pom name hystrix-core High Product Manifest module-origin Netflix/Hystrix.git Low Product Manifest module-owner netflixoss@netflix.com Low Version Manifest Implementation-Version 1.5.10 High Version Manifest Bundle-Version 1.5.10 High Version file version 1.5.10 High Version pom version 1.5.10 Highest Version central version 1.5.10 Highest
Published Vulnerabilities CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (OSSINDEX) suppress
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.netflix.hystrix:hystrix-core:1.5.10:*:*:*:*:*:*:* jackson-annotations-2.8.0.jarDescription:
Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jackson-annotations-2.8.0.jar
MD5: 288e6537849f0c63e76409b515c4fbe4
SHA1: 45b426f7796b741035581a176744d91090e2e6fb
SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8
Evidence Type Source Name Value Confidence Vendor jar package name jackson Highest Vendor file name jackson-annotations High Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest implementation-build-date 2016-07-04 05:20:32+0000 Low Vendor Manifest specification-vendor FasterXML Low Vendor pom name Jackson-annotations High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name fasterxml Highest Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom artifactid jackson-annotations Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid fasterxml.jackson.core Highest Product jar package name jackson Highest Product file name jackson-annotations High Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product pom artifactid jackson-annotations Highest Product Manifest implementation-build-date 2016-07-04 05:20:32+0000 Low Product Manifest Implementation-Title Jackson-annotations High Product pom url http://github.com/FasterXML/jackson Medium Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest specification-title Jackson-annotations Medium Product Manifest Bundle-Name Jackson-annotations Medium Product jar package name fasterxml Highest Product pom parent-groupid com.fasterxml.jackson Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid fasterxml.jackson.core Highest Version Manifest Bundle-Version 2.8.0 High Version Manifest Implementation-Version 2.8.0 High Version pom parent-version 2.8.0 Low Version file version 2.8.0 High Version pom version 2.8.0 Highest
Related Dependencies jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-annotations-2.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jackson-annotations-2.8.0.jar MD5: 288e6537849f0c63e76409b515c4fbe4 SHA1: 45b426f7796b741035581a176744d91090e2e6fb SHA256: e61b7343aceeb6ecda291d4ef133cd3e765f178c631c357ffd081abab7f15db8 jackson-core-2.8.7.jarDescription:
Core Jackson abstractions, basic JSON streaming API implementation License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jackson-core-2.8.7.jar
MD5: 18507133d5fc96dee39186b6d44d148e
SHA1: 8b46f39c78476fb848c81a49fa807a9e9506dddd
SHA256: 256ff34118ab292d1b4f3ee4d2c3e5e5f0f609d8e07c57e8ad1f51c46d4fbb46
Evidence Type Source Name Value Confidence Vendor pom name Jackson-core High Vendor jar package name jackson Highest Vendor Manifest specification-vendor FasterXML Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor jar package name core Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest implementation-build-date 2017-02-21 01:01:32+0000 Low Vendor pom artifactid jackson-core Low Vendor file name jackson-core High Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name json Highest Vendor jar package name fasterxml Highest Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid fasterxml.jackson.core Highest Vendor pom url FasterXML/jackson-core Highest Product pom name Jackson-core High Product Manifest Bundle-Name Jackson-core Medium Product jar package name jackson Highest Product pom url FasterXML/jackson-core High Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product jar package name core Highest Product Manifest implementation-build-date 2017-02-21 01:01:32+0000 Low Product pom parent-artifactid jackson-parent Medium Product Manifest Implementation-Title Jackson-core High Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product file name jackson-core High Product jar package name filter Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product jar package name json Highest Product jar package name fasterxml Highest Product pom parent-groupid com.fasterxml.jackson Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name version Highest Product pom groupid fasterxml.jackson.core Highest Version file version 2.8.7 High Version pom parent-version 2.8.7 Low Version pom version 2.8.7 Highest Version Manifest Implementation-Version 2.8.7 High Version Manifest Bundle-Version 2.8.7 High
Related Dependencies jackson-core-asl-1.9.11.jarDescription:
Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jackson-core-asl-1.9.11.jar
MD5: 49801a6d43725d5c3a1a52ca021d7dc5
SHA1: e32303ef8bd18a5c9272780d49b81c95e05ddf43
SHA256: 5fb6924b888550a9b0e8420747a93cc4ad24e03e724dcf4934c30cc0c4882ffc
Evidence Type Source Name Value Confidence Vendor jar package name jackson Highest Vendor pom artifactid jackson-core-asl Low Vendor pom name Jackson High Vendor jar package name jackson Low Vendor pom organization name FasterXML High Vendor pom organization url http://fasterxml.com Medium Vendor file name jackson-core-asl High Vendor Manifest bundle-symbolicname jackson-core-asl Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Vendor Manifest specification-vendor http://www.ietf.org/rfc/rfc4627.txt Low Vendor central groupid org.codehaus.jackson Highest Vendor pom url http://jackson.codehaus.org Highest Vendor jar package name codehaus Low Vendor pom groupid codehaus.jackson Highest Vendor Manifest Implementation-Vendor http://fasterxml.com High Product Manifest Implementation-Title Jackson JSON processor High Product central artifactid jackson-core-asl Highest Product jar package name jackson Highest Product Manifest specification-title JSON - JavaScript Object Notation Medium Product pom organization url http://fasterxml.com Low Product Manifest Bundle-Name Jackson JSON processor Medium Product pom name Jackson High Product jar package name jackson Low Product file name jackson-core-asl High Product pom artifactid jackson-core-asl Highest Product Manifest bundle-symbolicname jackson-core-asl Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Product pom url http://jackson.codehaus.org Medium Product pom groupid codehaus.jackson Highest Product pom organization name FasterXML Low Version central version 1.9.11 Highest Version file version 1.9.11 High Version Manifest Bundle-Version 1.9.11 High Version Manifest Implementation-Version 1.9.11 High Version pom version 1.9.11 Highest
jackson-coreutils-1.6.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jackson-coreutils-1.6.jar
MD5: 26a6b351813e2895cba18e0ee4abe5b7
SHA1: 9e6af56eb7cc2a65700b289abc7ee2bd170fd231
SHA256: d84b416924fb061a26c48a5c90e98cf4d4e718179eb1df702aa8f1021163eed6
Evidence Type Source Name Value Confidence Vendor central groupid com.github.fge Highest Vendor jar package name jackson Highest Vendor jar package name github Low Vendor pom url fge/jackson-coreutils Highest Vendor jar package name github Highest Vendor jar package name jackson Low Vendor Manifest bundle-symbolicname com.github.fge.jackson-coreutils Medium Vendor jar package name fge Low Vendor pom groupid github.fge Highest Vendor pom name null High Vendor file name jackson-coreutils High Vendor jar package name fge Highest Vendor pom artifactid jackson-coreutils Low Product pom artifactid jackson-coreutils Highest Product jar package name jackson Highest Product jar package name github Highest Product jar package name jackson Low Product Manifest bundle-symbolicname com.github.fge.jackson-coreutils Medium Product jar package name fge Low Product pom groupid github.fge Highest Product pom name null High Product Manifest Bundle-Name jackson-coreutils Medium Product central artifactid jackson-coreutils Highest Product file name jackson-coreutils High Product jar package name fge Highest Product pom url fge/jackson-coreutils High Version Manifest Bundle-Version 1.6 High Version central version 1.6 Highest Version pom version 1.6 Highest Version file version 1.6 High
jackson-databind-2.9.10.6.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jackson-databind-2.9.10.6.jar
MD5: 16a6e3c655806bddeb0663ed6435b07e
SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a
SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name jackson Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom artifactid jackson-databind Low Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest automatic-module-name com.fasterxml.jackson.databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name fasterxml Highest Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor Manifest implementation-build-date 2020-08-24 22:21:32+0000 Low Vendor jar package name databind Highest Vendor pom groupid fasterxml.jackson.core Highest Vendor pom name jackson-databind High Product file name jackson-databind High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name jackson Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product pom url http://github.com/FasterXML/jackson Medium Product Manifest Implementation-Title jackson-databind High Product pom artifactid jackson-databind Highest Product Manifest specification-title jackson-databind Medium Product Manifest Bundle-Name jackson-databind Medium Product Manifest automatic-module-name com.fasterxml.jackson.databind Medium Product pom parent-artifactid jackson-base Medium Product jar package name fasterxml Highest Product pom parent-groupid com.fasterxml.jackson Medium Product Manifest implementation-build-date 2020-08-24 22:21:32+0000 Low Product jar package name databind Highest Product pom groupid fasterxml.jackson.core Highest Product pom name jackson-databind High Version file version 2.9.10.6 High Version Manifest Implementation-Version 2.9.10.6 High Version Manifest Bundle-Version 2.9.10.6 High Version pom parent-version 2.9.10.6 Low Version pom version 2.9.10.6 Highest
Related Dependencies jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-databind-2.9.10.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jackson-databind-2.9.10.6.jar MD5: 16a6e3c655806bddeb0663ed6435b07e SHA1: fbe40c0535b836082be7e3f8cac79275b9c8ff4a SHA256: a2885687e7856c09923ecce53eb10d131f4339958b18ff111e2d66c5be7453da jackson-dataformat-cbor-2.8.7.jarDescription:
Support for reading and writing Concise Binary Object Representation
([CBOR](https://www.rfc-editor.org/info/rfc7049)
encoded data using Jackson abstractions (streaming API, data binding, tree model)
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jackson-dataformat-cbor-2.8.7.jar
MD5: a888ae9515c9be1605e6dd3081f56430
SHA1: c63d6021cbdc3683cb0c48da81660bc15f1adeba
SHA256: 3929804834b88ba82e3ae49f213d34174fda4464de8ffc7124cf465d96a4fef1
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name jackson Highest Vendor jar package name cbor Highest Vendor pom parent-artifactid jackson-dataformats-binary Low Vendor Manifest specification-vendor FasterXML Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Vendor pom parent-groupid com.fasterxml.jackson.dataformat Medium Vendor jar package name dataformat Highest Vendor pom groupid fasterxml.jackson.dataformat Highest Vendor pom artifactid jackson-dataformat-cbor Low Vendor file name jackson-dataformat-cbor High Vendor pom name Jackson dataformat: CBOR High Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name fasterxml Highest Vendor Manifest implementation-build-date 2017-02-21 01:20:49+0000 Low Vendor pom url http://github.com/FasterXML/jackson-dataformats-binary Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Implementation-Title Jackson dataformat: CBOR High Product jar package name jackson Highest Product jar package name cbor Highest Product pom url http://github.com/FasterXML/jackson-dataformats-binary Medium Product Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Product pom parent-groupid com.fasterxml.jackson.dataformat Medium Product jar package name dataformat Highest Product pom groupid fasterxml.jackson.dataformat Highest Product file name jackson-dataformat-cbor High Product pom artifactid jackson-dataformat-cbor Highest Product pom name Jackson dataformat: CBOR High Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Product Manifest Bundle-Name Jackson dataformat: CBOR Medium Product jar package name fasterxml Highest Product Manifest specification-title Jackson dataformat: CBOR Medium Product pom parent-artifactid jackson-dataformats-binary Medium Product Manifest implementation-build-date 2017-02-21 01:20:49+0000 Low Version file version 2.8.7 High Version pom version 2.8.7 Highest Version Manifest Implementation-Version 2.8.7 High Version Manifest Bundle-Version 2.8.7 High
Related Dependencies jackson-dataformat-smile-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jackson-dataformat-smile-2.8.7.jar MD5: b629d91dd5392a02d92ce157e3c5ca11 SHA1: 89ad092b70454787141d177e9f282c67271d448c SHA256: 77b0af9b63eef59c12949a8bc98cbfdabde755d162075ed7057dd04cc38aae4b jackson-dataformat-smile-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jackson-dataformat-smile-2.8.7.jar MD5: b629d91dd5392a02d92ce157e3c5ca11 SHA1: 89ad092b70454787141d177e9f282c67271d448c SHA256: 77b0af9b63eef59c12949a8bc98cbfdabde755d162075ed7057dd04cc38aae4b jackson-dataformat-yaml-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jackson-dataformat-yaml-2.8.7.jar MD5: 0a3e0be4cd0faa1414e73cb89925df36 SHA1: 8edf8581b942d4b2727d56ac5dd1f5333a58c376 SHA256: cac2e34ec6054dc78b1f4b095091dad92a9acf4df4c27d4312a28b9537645106 jackson-dataformat-cbor-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jackson-dataformat-cbor-2.8.7.jar MD5: a888ae9515c9be1605e6dd3081f56430 SHA1: c63d6021cbdc3683cb0c48da81660bc15f1adeba SHA256: 3929804834b88ba82e3ae49f213d34174fda4464de8ffc7124cf465d96a4fef1 jackson-dataformat-cbor-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jackson-dataformat-cbor-2.8.7.jar MD5: a888ae9515c9be1605e6dd3081f56430 SHA1: c63d6021cbdc3683cb0c48da81660bc15f1adeba SHA256: 3929804834b88ba82e3ae49f213d34174fda4464de8ffc7124cf465d96a4fef1 jackson-dataformat-smile-2.8.7.jar jackson-dataformat-yaml-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jackson-dataformat-yaml-2.8.7.jar MD5: 0a3e0be4cd0faa1414e73cb89925df36 SHA1: 8edf8581b942d4b2727d56ac5dd1f5333a58c376 SHA256: cac2e34ec6054dc78b1f4b095091dad92a9acf4df4c27d4312a28b9537645106 jackson-dataformat-cbor-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jackson-dataformat-cbor-2.8.7.jar MD5: a888ae9515c9be1605e6dd3081f56430 SHA1: c63d6021cbdc3683cb0c48da81660bc15f1adeba SHA256: 3929804834b88ba82e3ae49f213d34174fda4464de8ffc7124cf465d96a4fef1 jackson-dataformat-yaml-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jackson-dataformat-yaml-2.8.7.jar MD5: 0a3e0be4cd0faa1414e73cb89925df36 SHA1: 8edf8581b942d4b2727d56ac5dd1f5333a58c376 SHA256: cac2e34ec6054dc78b1f4b095091dad92a9acf4df4c27d4312a28b9537645106 pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.8.7 jackson-dataformat-yaml-2.8.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jackson-dataformat-yaml-2.8.7.jar MD5: 0a3e0be4cd0faa1414e73cb89925df36 SHA1: 8edf8581b942d4b2727d56ac5dd1f5333a58c376 SHA256: cac2e34ec6054dc78b1f4b095091dad92a9acf4df4c27d4312a28b9537645106 jackson-datatype-joda-2.8.7.jarDescription:
Add-on module for Jackson (http://jackson.codehaus.org) to support
Joda (http://joda-time.sourceforge.net/) data types.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jackson-datatype-joda-2.8.7.jar
MD5: 06b7fc1f84217b4247bf59c3303c4c13
SHA1: 66c64b58f3984b62b191f56c0e4d7ea63fedd1d5
SHA256: dc11f4025d16e67baec43e72efd8509b9bca7860cb6ecbad66a93716cf152f35
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonModuleJoda Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name jackson Highest Vendor file name jackson-datatype-joda High Vendor jar package name datatype Highest Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-datatype-joda Low Vendor pom url http://wiki.fasterxml.com/JacksonModuleJoda Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom groupid fasterxml.jackson.datatype Highest Vendor jar package name fasterxml Highest Vendor pom parent-artifactid jackson-parent Low Vendor jar package name joda Highest Vendor Manifest implementation-build-date 2017-02-21 04:20:56+0000 Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom name Jackson-datatype-Joda High Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-joda Medium Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonModuleJoda Low Product pom artifactid jackson-datatype-joda Highest Product pom url http://wiki.fasterxml.com/JacksonModuleJoda Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name jackson Highest Product file name jackson-datatype-joda High Product jar package name datatype Highest Product pom parent-artifactid jackson-parent Medium Product Manifest specification-title Jackson-datatype-Joda Medium Product Manifest Bundle-Name Jackson-datatype-Joda Medium Product pom groupid fasterxml.jackson.datatype Highest Product jar package name fasterxml Highest Product jar package name joda Highest Product Manifest Implementation-Title Jackson-datatype-Joda High Product Manifest implementation-build-date 2017-02-21 04:20:56+0000 Low Product pom parent-groupid com.fasterxml.jackson Medium Product pom name Jackson-datatype-Joda High Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-joda Medium Version file version 2.8.7 High Version pom parent-version 2.8.7 Low Version pom version 2.8.7 Highest Version Manifest Implementation-Version 2.8.7 High Version Manifest Bundle-Version 2.8.7 High
jackson-mapper-asl-1.9.11.jarDescription:
Data Mapper package is a high-performance data binding package
built on Jackson JSON processor
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jackson-mapper-asl-1.9.11.jar
MD5: 8f10143a94de3e786dd53db10fa54598
SHA1: 45d70862fa016993193075a1e8e32a01dcf438e8
SHA256: 246ee4dcb26cb040608eab5d978efe2618564568923c0a98e6118f8858b31def
Evidence Type Source Name Value Confidence Vendor jar package name jackson Highest Vendor Manifest bundle-symbolicname jackson-mapper-asl Medium Vendor pom name Data Mapper for Jackson High Vendor jar package name jackson Low Vendor pom organization name FasterXML High Vendor jar package name map Low Vendor pom organization url http://fasterxml.com Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Vendor central groupid org.codehaus.jackson Highest Vendor pom url http://jackson.codehaus.org Highest Vendor file name jackson-mapper-asl High Vendor jar package name codehaus Low Vendor pom groupid codehaus.jackson Highest Vendor pom artifactid jackson-mapper-asl Low Vendor Manifest Implementation-Vendor http://fasterxml.com High Product jar package name jackson Highest Product Manifest bundle-symbolicname jackson-mapper-asl Medium Product pom artifactid jackson-mapper-asl Highest Product pom name Data Mapper for Jackson High Product pom organization url http://fasterxml.com Low Product jar package name jackson Low Product jar package name map Low Product Manifest Bundle-Name Data mapper for Jackson JSON processor Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low Product pom url http://jackson.codehaus.org Medium Product central artifactid jackson-mapper-asl Highest Product file name jackson-mapper-asl High Product pom groupid codehaus.jackson Highest Product pom organization name FasterXML Low Product Manifest Implementation-Title Data mapper for Jackson JSON processor High Version central version 1.9.11 Highest Version file version 1.9.11 High Version Manifest Bundle-Version 1.9.11 High Version Manifest Implementation-Version 1.9.11 High Version pom version 1.9.11 Highest
Published Vulnerabilities CVE-2017-15095 (OSSINDEX) suppress
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2017-17485 (OSSINDEX) suppress
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2017-7525 (OSSINDEX) suppress
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2018-1000873 (OSSINDEX) suppress
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2018-14718 (OSSINDEX) suppress
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2018-5968 (OSSINDEX) suppress
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2018-7489 (OSSINDEX) suppress
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2019-10172 suppress
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-14540 (OSSINDEX) suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2019-14893 (OSSINDEX) suppress
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2019-16335 (OSSINDEX) suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2019-17267 (OSSINDEX) suppress
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2020-10672 (OSSINDEX) suppress
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* CVE-2020-10673 (OSSINDEX) suppress
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.jackson:jackson-mapper-asl:1.9.11:*:*:*:*:*:*:* jacoco-maven-plugin-0.7.9.jarDescription:
The JaCoCo Maven Plugin provides the JaCoCo runtime agent to your tests and allows basic report creation. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jacoco-maven-plugin-0.7.9.jarMD5: 266f1f82dec724de8b66efe8fa4333e6SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid org.jacoco.build Low Vendor jar package name jacoco Low Vendor jar package name maven Low Vendor jar package name maven Highest Vendor pom artifactid jacoco-maven-plugin Low Vendor file name jacoco-maven-plugin High Vendor pom groupid jacoco Highest Vendor pom parent-groupid org.jacoco Medium Vendor jar package name jacoco Highest Vendor pom name JaCoCo :: Maven Plugin High Product jar package name maven Low Product jar package name maven Highest Product file name jacoco-maven-plugin High Product pom groupid jacoco Highest Product pom artifactid jacoco-maven-plugin Highest Product pom parent-artifactid org.jacoco.build Medium Product pom parent-groupid org.jacoco Medium Product jar package name jacoco Highest Product pom name JaCoCo :: Maven Plugin High Version pom version 0.7.9 Highest Version file version 0.7.9 High
Related Dependencies jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed jacoco-maven-plugin-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jacoco-maven-plugin-0.7.9.jar MD5: 266f1f82dec724de8b66efe8fa4333e6 SHA1: a4b7c694a54f147824d0e15cb27a0a86721a0a77 SHA256: 0c2aed24e4e811b0fdc3fd1f483ea75c8ed810e09e3484e126fa0ea7867bdbed javaluator-3.0.1.jarDescription:
Javaluator is a simple, but powerful, infix expression evaluator for Java. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/javaluator-3.0.1.jarMD5: 164a27515cd2fa803cb817d2f3364948SHA1: 2858833d5416801d8df6928ef4a9c9acb5e289e3SHA256: 59621cf2f911f02c2382d1105cf3cdd0527e3c471c07212902a3ca175559e6fc
Evidence Type Source Name Value Confidence Vendor pom groupid fathzer Highest Vendor pom artifactid javaluator Low Vendor jar package name javaluator Low Vendor file name javaluator High Vendor pom name javaluator High Vendor pom parent-artifactid parent-pom Low Vendor jar package name fathzer Low Vendor jar package name fathzer Highest Vendor pom url http://javaluator.fathzer.com Highest Vendor jar package name javaluator Highest Vendor pom parent-groupid com.fathzer Medium Vendor jar package name soft Low Product pom groupid fathzer Highest Product pom name javaluator High Product jar package name javaluator Low Product jar package name fathzer Highest Product pom artifactid javaluator Highest Product jar package name javaluator Highest Product pom url http://javaluator.fathzer.com Medium Product pom parent-groupid com.fathzer Medium Product file name javaluator High Product pom parent-artifactid parent-pom Medium Product jar package name soft Low Version file version 3.0.1 High Version pom version 3.0.1 Highest Version pom parent-version 3.0.1 Low
javax.annotation-api-1.3.2.jarDescription:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256: e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest extension-name javax.annotation Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom organization name GlassFish Community High Vendor pom name ${extension.name} API High Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor pom artifactid javax.annotation-api Low Vendor pom organization url https://javaee.github.io/glassfish Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom groupid javax.annotation Highest Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Vendor file name javax.annotation-api High Vendor Manifest bundle-docurl https://javaee.github.io/glassfish Low Vendor jar package name javax Highest Vendor jar package name annotation Highest Vendor pom parent-groupid net.java Medium Vendor pom parent-artifactid jvnet-parent Low Product Manifest automatic-module-name java.annotation Medium Product pom organization url https://javaee.github.io/glassfish Low Product Manifest extension-name javax.annotation Medium Product pom name ${extension.name} API High Product Manifest Bundle-Name javax.annotation API Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Product pom organization name GlassFish Community Low Product Manifest bundle-symbolicname javax.annotation-api Medium Product pom groupid javax.annotation Highest Product pom parent-artifactid jvnet-parent Medium Product file name javax.annotation-api High Product Manifest bundle-docurl https://javaee.github.io/glassfish Low Product pom artifactid javax.annotation-api Highest Product jar package name javax Highest Product jar package name annotation Highest Product pom parent-groupid net.java Medium Version Manifest Implementation-Version 1.3.2 High Version pom version 1.3.2 Highest Version pom parent-version 1.3.2 Low Version file version 1.3.2 High Version Manifest Bundle-Version 1.3.2 High
javax.batch-api-1.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/javax.batch-api-1.0.jarMD5: d2c9b38431c46dc26a9eb722a6ff8903SHA1: 65392d027a6eb369fd9fcd1b75cae150e25ac03cSHA256: 784190953892bab713a5dc5d2a611ec6b71c5d0adcd69c96db0870f3712ea24b
Evidence Type Source Name Value Confidence Vendor pom groupid javax.batch Highest Vendor jar package name api Highest Vendor Manifest bundle-symbolicname javax.batch-api Medium Vendor jar package name batch Highest Vendor pom parent-artifactid jbatch Low Vendor pom artifactid javax.batch-api Low Vendor file name javax.batch-api High Vendor jar package name javax Highest Vendor Manifest extension-name javax.batch Medium Product pom groupid javax.batch Highest Product jar package name api Highest Product pom artifactid javax.batch-api Highest Product Manifest Bundle-Name javax.batch-api Medium Product Manifest bundle-symbolicname javax.batch-api Medium Product jar package name batch Highest Product file name javax.batch-api High Product jar package name javax Highest Product Manifest extension-name javax.batch Medium Product pom parent-artifactid jbatch Medium Version Manifest Bundle-Version 1.0 High Version Manifest Implementation-Version 1.0 High Version file version 1.0 High Version pom version 1.0 Highest
javax.el-2.2.4.jarDescription:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/javax.el-2.2.4.jar
MD5: 630281cfda93b57a95287dac09184014
SHA1: a50914ff519682e185bca4385b4313b8c8a81775
SHA256: 787e7e247da8008c699bafd8e086ccae13e6f3cac3c07ca1c698e44f917b42de
Evidence Type Source Name Value Confidence Vendor Manifest extension-name javax.el Medium Vendor pom name Expression Language 2.2 Implementation High Vendor pom artifactid javax.el Low Vendor jar package name el Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom url http://uel.java.net Highest Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor file name javax.el High Vendor Manifest bundle-docurl http://glassfish.org Low Vendor pom groupid glassfish.web Highest Vendor Manifest bundle-symbolicname org.glassfish.web.javax.el Medium Vendor pom parent-groupid net.java Medium Vendor pom parent-artifactid jvnet-parent Low Product Manifest Bundle-Name Expression Language 2.2 Implementation Medium Product Manifest extension-name javax.el Medium Product pom name Expression Language 2.2 Implementation High Product pom organization url http://glassfish.org Low Product jar package name el Highest Product pom url http://uel.java.net Medium Product pom organization name GlassFish Community Low Product pom artifactid javax.el Highest Product pom parent-artifactid jvnet-parent Medium Product file name javax.el High Product Manifest bundle-docurl http://glassfish.org Low Product pom groupid glassfish.web Highest Product Manifest bundle-symbolicname org.glassfish.web.javax.el Medium Product pom parent-groupid net.java Medium Version Manifest Implementation-Version 2.2.4 High Version Manifest Bundle-Version 2.2.4 High Version file version 2.2.4 High Version pom parent-version 2.2.4 Low Version pom version 2.2.4 Highest
javax.el-api-2.2.5.jarDescription:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/javax.el-api-2.2.5.jar
MD5: 2175d1f7cb694bc06db07e445d37f8b7
SHA1: 370140e991eefb212a6d6baedbce585f00ef76e0
SHA256: 07bed15032caa7203b43a145d8f0a0fd7a8fd74452e089627f1abe36bbb7648e
Evidence Type Source Name Value Confidence Vendor Manifest extension-name javax.el Medium Vendor jar package name el Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor file name javax.el-api High Vendor pom artifactid javax.el-api Low Vendor pom organization name GlassFish Community High Vendor pom groupid javax.el Highest Vendor Manifest bundle-symbolicname javax.el-api Medium Vendor pom organization url http://glassfish.org Medium Vendor pom name Expression Language API 2.2 High Vendor pom url http://uel.java.net Highest Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor jar package name expression Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor jar package name javax Highest Vendor pom parent-groupid net.java Medium Vendor pom parent-artifactid jvnet-parent Low Product pom artifactid javax.el-api Highest Product Manifest extension-name javax.el Medium Product Manifest Bundle-Name Expression Language API 2.2 Medium Product pom organization url http://glassfish.org Low Product jar package name el Highest Product pom url http://uel.java.net Medium Product file name javax.el-api High Product pom groupid javax.el Highest Product Manifest bundle-symbolicname javax.el-api Medium Product pom name Expression Language API 2.2 High Product pom organization name GlassFish Community Low Product pom parent-artifactid jvnet-parent Medium Product jar package name expression Highest Product Manifest bundle-docurl http://glassfish.org Low Product jar package name javax Highest Product pom parent-groupid net.java Medium Version Manifest Implementation-Version 2.2.5 High Version Manifest Bundle-Version 2.2.5 High Version file version 2.2.5 High Version pom parent-version 2.2.5 Low Version pom version 2.2.5 Highest
javax.servlet-api-3.1.0.jarDescription:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Evidence Type Source Name Value Confidence Vendor pom url http://servlet-spec.java.net Highest Vendor pom artifactid javax.servlet-api Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor jar package name servlet Highest Vendor pom organization name GlassFish Community High Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor jar package name javax Highest Vendor pom name Java Servlet API High Vendor pom organization url https://glassfish.dev.java.net Medium Vendor file name javax.servlet-api High Vendor Manifest extension-name javax.servlet Medium Vendor pom groupid javax.servlet Highest Vendor pom parent-groupid net.java Medium Vendor pom parent-artifactid jvnet-parent Low Product pom organization url https://glassfish.dev.java.net Low Product jar package name servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product pom url http://servlet-spec.java.net Medium Product pom organization name GlassFish Community Low Product pom parent-artifactid jvnet-parent Medium Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-symbolicname javax.servlet-api Medium Product jar package name javax Highest Product pom name Java Servlet API High Product file name javax.servlet-api High Product Manifest extension-name javax.servlet Medium Product pom groupid javax.servlet Highest Product pom parent-groupid net.java Medium Product pom artifactid javax.servlet-api Highest Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest Version file version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High
jboss-logging-3.3.0.Final.jarDescription:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jboss-logging-3.3.0.Final.jar
MD5: bc11af4b8ce7138cdc79b7ba8561638c
SHA1: 3616bb87707910296e2c195dc016287080bba5af
SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest build-timestamp Thu, 28 May 2015 09:49:28 -0700 Low Vendor Manifest implementation-url http://www.jboss.org Low Vendor pom artifactid jboss-logging Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-arch amd64 Low Vendor jar package name jboss Highest Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom name JBoss Logging 3 High Vendor file name jboss-logging High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor pom url http://www.jboss.org Highest Vendor Manifest os-name Linux Medium Vendor jar package name logging Highest Vendor pom parent-artifactid jboss-parent Low Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.logging Highest Vendor pom parent-groupid org.jboss Medium Vendor hint analyzer vendor redhat Highest Product Manifest build-timestamp Thu, 28 May 2015 09:49:28 -0700 Low Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest specification-title JBoss Logging 3 Medium Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest os-arch amd64 Low Product jar package name jboss Highest Product pom artifactid jboss-logging Highest Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom name JBoss Logging 3 High Product pom url http://www.jboss.org Medium Product file name jboss-logging High Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest os-name Linux Medium Product jar package name logging Highest Product pom groupid jboss.logging Highest Product pom parent-groupid org.jboss Medium Product pom parent-artifactid jboss-parent Medium Version Manifest Bundle-Version 3.3.0.Final High Version Manifest Implementation-Version 3.3.0.Final High Version pom version 3.3.0.Final Highest Version pom parent-version 3.3.0.Final Low
Related Dependencies jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jboss-logging-3.3.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c jcl-over-slf4j-1.7.24.jarDescription:
JCL 1.2 implemented over SLF4J File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jcl-over-slf4j-1.7.24.jarMD5: c4f92652e13f3095fc95fcdcb5b514d7SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fcSHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948
Evidence Type Source Name Value Confidence Vendor pom artifactid jcl-over-slf4j Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom name JCL 1.2 implemented over SLF4J High Vendor file name jcl-over-slf4j High Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Product Manifest Implementation-Title jcl-over-slf4j High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom name JCL 1.2 implemented over SLF4J High Product file name jcl-over-slf4j High Product Manifest Bundle-Name jcl-over-slf4j Medium Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product pom parent-artifactid slf4j-parent Medium Product pom artifactid jcl-over-slf4j Highest Product pom groupid slf4j Highest Product pom parent-groupid org.slf4j Medium Product pom url http://www.slf4j.org Medium Version Manifest Implementation-Version 1.7.24 High Version Manifest Bundle-Version 1.7.24 High Version file version 1.7.24 High Version pom version 1.7.24 Highest
Related Dependencies jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jcl-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jcl-over-slf4j-1.7.24.jar MD5: c4f92652e13f3095fc95fcdcb5b514d7 SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc SHA256: 53c6d81ae92ab7a67abf03439b0a2c3872cfe04bab3bf8db9c58fd03f5e71948 jconsole-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jconsole-1.8.0.jarMD5: 24c00cecdcbe28558c0fe8e92321e93eSHA1: bab810a170e65f9f05ebe0a16dbb4ff21ff50e3cSHA256: 64403fb60da8de18e461c2656f716bacbc1958e09fb6d0f5cfe63263e953cc49
Evidence Type Source Name Value Confidence Vendor file name jconsole High Vendor jar package name sun Low Vendor jar package name tools Low Vendor jar (hint) package name oracle Low Vendor jar package name jconsole Low Product file name jconsole High Product jar package name tools Low Product jar package name jconsole Low Version file name jconsole Medium Version file version 1.8.0 High
Related Dependencies jconsole-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jconsole-1.8.0.jar MD5: 24c00cecdcbe28558c0fe8e92321e93e SHA1: bab810a170e65f9f05ebe0a16dbb4ff21ff50e3c SHA256: 64403fb60da8de18e461c2656f716bacbc1958e09fb6d0f5cfe63263e953cc49 jconsole-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jconsole-1.8.0.jar MD5: 24c00cecdcbe28558c0fe8e92321e93e SHA1: bab810a170e65f9f05ebe0a16dbb4ff21ff50e3c SHA256: 64403fb60da8de18e461c2656f716bacbc1958e09fb6d0f5cfe63263e953cc49 jconsole-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jconsole-1.8.0.jar MD5: 24c00cecdcbe28558c0fe8e92321e93e SHA1: bab810a170e65f9f05ebe0a16dbb4ff21ff50e3c SHA256: 64403fb60da8de18e461c2656f716bacbc1958e09fb6d0f5cfe63263e953cc49 jconsole-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jconsole-1.8.0.jar MD5: 24c00cecdcbe28558c0fe8e92321e93e SHA1: bab810a170e65f9f05ebe0a16dbb4ff21ff50e3c SHA256: 64403fb60da8de18e461c2656f716bacbc1958e09fb6d0f5cfe63263e953cc49 jconsole-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jconsole-1.8.0.jar MD5: 24c00cecdcbe28558c0fe8e92321e93e SHA1: bab810a170e65f9f05ebe0a16dbb4ff21ff50e3c SHA256: 64403fb60da8de18e461c2656f716bacbc1958e09fb6d0f5cfe63263e953cc49 jdom-1.1.jarDescription:
JDOM is, quite simply, a Java representation of an XML document. JDOM provides a way to represent that document for
easy and efficient reading, manipulation, and writing. It has a straightforward API, is a lightweight and fast, and
is optimized for the Java programmer. It's an alternative to DOM and SAX, although it integrates well with both DOM
and SAX.
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jdom-1.1.jarMD5: adf67fc5dcf48e1593640ad7e02f6ad4SHA1: 1d04c0f321ea337f3661cf7ede8f4c6f653a8fddSHA256: 3c167654499436ee9c19674b519d04e7364085533f6facada1bf90b16ad34897
Evidence Type Source Name Value Confidence Vendor pom groupid jdom Highest Vendor pom name JDOM High Vendor manifest: org/jdom/filter/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/transform/ Implementation-Vendor jdom.org Medium Vendor central groupid org.jdom Highest Vendor pom artifactid jdom Low Vendor file name jdom High Vendor manifest: org/jdom/input/ Implementation-Vendor jdom.org Medium Vendor jar package name jdom Highest Vendor jar package name jdom Low Vendor manifest: org/jdom/adapters/ Implementation-Vendor jdom.org Medium Vendor pom url http://www.jdom.org/ Highest Vendor manifest: org/jdom/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/output/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/xpath/ Implementation-Vendor jdom.org Medium Product manifest: org/jdom/transform/ Specification-Title JDOM Transformation Classes Medium Product pom groupid jdom Highest Product pom name JDOM High Product manifest: org/jdom/output/ Specification-Title JDOM Output Classes Medium Product manifest: org/jdom/filter/ Specification-Title JDOM Filter Classes Medium Product manifest: org/jdom/adapters/ Specification-Title JDOM Adapter Classes Medium Product central artifactid jdom Highest Product file name jdom High Product manifest: org/jdom/filter/ Implementation-Title org.jdom.filter Medium Product pom artifactid jdom Highest Product manifest: org/jdom/transform/ Implementation-Title org.jdom.transform Medium Product jar package name filter Highest Product jar package name jdom Highest Product manifest: org/jdom/xpath/ Implementation-Title org.jdom.xpath Medium Product manifest: org/jdom/xpath/ Specification-Title JDOM XPath Classes Medium Product jar package name input Highest Product manifest: org/jdom/input/ Implementation-Title org.jdom.input Medium Product manifest: org/jdom/ Specification-Title JDOM Classes Medium Product jar package name output Highest Product jar package name xpath Highest Product jar package name adapters Highest Product manifest: org/jdom/ Implementation-Title org.jdom Medium Product pom url http://www.jdom.org/ Medium Product manifest: org/jdom/output/ Implementation-Title org.jdom.output Medium Product manifest: org/jdom/input/ Specification-Title JDOM Input Classes Medium Product jar package name transform Highest Product manifest: org/jdom/adapters/ Implementation-Title org.jdom.adapters Medium Version manifest: org/jdom/output/ Implementation-Version 1.1 Medium Version manifest: org/jdom/ Implementation-Version 1.1 Medium Version manifest: org/jdom/xpath/ Implementation-Version 1.1 Medium Version manifest: org/jdom/filter/ Implementation-Version 1.1 Medium Version file version 1.1 High Version manifest: org/jdom/input/ Implementation-Version 1.1 Medium Version pom version 1.1 Highest Version manifest: org/jdom/adapters/ Implementation-Version 1.1 Medium Version manifest: org/jdom/transform/ Implementation-Version 1.1 Medium Version central version 1.1 Highest
jedis-2.9.0.jarDescription:
Jedis is a blazingly small and sane Redis java client. License:
MIT: http://github.com/xetorthio/jedis/raw/master/LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jedis-2.9.0.jar
MD5: 6a6aca8811e3d0c74525ca670a310f3f
SHA1: 292bc9cc26553acd3cccc26f2f95620bf88a04c2
SHA256: 1eaa96cb8e5055e4d517467f0f3b2b3cbbc62a7d9d1e8b6a23c617ec60d386fa
Evidence Type Source Name Value Confidence Vendor file name jedis High Vendor pom name Jedis High Vendor pom groupid redis.clients Highest Vendor pom artifactid jedis Low Vendor Manifest bundle-symbolicname redis.clients.jedis Medium Vendor jar package name redis Highest Vendor jar package name clients Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name jedis Highest Vendor pom url xetorthio/jedis Highest Vendor jar package name client Highest Product file name jedis High Product pom groupid redis.clients Highest Product pom artifactid jedis Highest Product jar package name clients Highest Product jar package name jedis Highest Product Manifest Bundle-Name Jedis Medium Product pom name Jedis High Product pom url xetorthio/jedis High Product Manifest bundle-symbolicname redis.clients.jedis Medium Product jar package name redis Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name client Highest Version file version 2.9.0 High Version pom version 2.9.0 Highest Version Manifest Bundle-Version 2.9.0 High
jettison-1.2.jarDescription:
A StAX implementation for JSON. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jettison-1.2.jarMD5: 4661a5152aa90f104948bdc78fdf255cSHA1: 0765a6181653f4b05c18c7a9e8f5c1f8269bf9b2SHA256: 544a20dcb7327bef08b0292afdf2a1312bf3004b9bde1bf06ea52b99dea414e9
Evidence Type Source Name Value Confidence Vendor jar package name codehaus Highest Vendor jar package name jettison Highest Vendor jar package name json Highest Vendor pom groupid codehaus.jettison Highest Vendor Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium Vendor pom name Jettison High Vendor pom artifactid jettison Low Vendor file name jettison High Product jar package name codehaus Highest Product jar package name jettison Highest Product jar package name json Highest Product pom groupid codehaus.jettison Highest Product Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium Product Manifest Bundle-Name jettison Medium Product pom name Jettison High Product Manifest Implementation-Title Jettison High Product file name jettison High Product pom artifactid jettison Highest Version Manifest Implementation-Version 1.2 High Version Manifest Bundle-Version 1.2 High Version file version 1.2 High Version pom version 1.2 Highest
jna-4.2.2.jarDescription:
Java Native Access License:
LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jna-4.2.2.jar
MD5: 78eb97e642452eb30aea5f76e52a7603
SHA1: 5012450aee579c3118ff09461d5ce210e0cdc2a9
SHA256: 1f38af54e06c6e6f6dbf39ba2c052b952dea5dddb4871127b34639ddeb11bdbe
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest bundle-category jni Low Vendor jar package name sun Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest Implementation-Vendor JNA Development Team High Vendor pom url java-native-access/jna Highest Vendor jar (hint) package name oracle Low Vendor jar package name jna Low Vendor pom name Java Native Access High Vendor jar package name jna Highest Vendor file name jna High Vendor jar (hint) package name oracle Highest Vendor pom artifactid jna Low Vendor Manifest specification-vendor JNA Development Team Low Vendor jar package name sun Highest Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low Vendor central groupid net.java.dev.jna Highest Vendor pom groupid net.java.dev.jna Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest Implementation-Title com.sun.jna High Product pom url java-native-access/jna High Product jar package name win32 Highest Product jar package name jna Low Product pom name Java Native Access High Product jar package name library Highest Product jar package name jna Highest Product file name jna High Product jar package name native Highest Product pom artifactid jna Highest Product jar package name sun Highest Product central artifactid jna Highest Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom groupid net.java.dev.jna Highest Version file version 4.2.2 High Version central version 4.2.2 Highest Version pom version 4.2.2 Highest Version Manifest Bundle-Version 4.2.2 High
Related Dependencies jna-4.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jna-4.2.2.jar MD5: 78eb97e642452eb30aea5f76e52a7603 SHA1: 5012450aee579c3118ff09461d5ce210e0cdc2a9 SHA256: 1f38af54e06c6e6f6dbf39ba2c052b952dea5dddb4871127b34639ddeb11bdbe jna-4.2.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jna-4.2.2.jar MD5: 78eb97e642452eb30aea5f76e52a7603 SHA1: 5012450aee579c3118ff09461d5ce210e0cdc2a9 SHA256: 1f38af54e06c6e6f6dbf39ba2c052b952dea5dddb4871127b34639ddeb11bdbe jna-4.2.2.jar: jnidispatch.dllFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jna-4.2.2.jar/com/sun/jna/w32ce-arm/jnidispatch.dllMD5: 57697cbdd321ae7d06f5da04e821f908SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51SHA256: 361e173e6e50cb1bf8b7fab38c1ff99686ea819e58ee30348e7756cb0418a9f6
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
jna-4.2.2.jar: jnidispatch.dllFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jna-4.2.2.jar/com/sun/jna/win32-x86/jnidispatch.dllMD5: d2f0da769204b8c45c207d8f3d8fc37eSHA1: c6870c1b8be2dbf1d737c918963d2f183aa778e1SHA256: 064c34c9f92f6aca636b5b53006b539853268570f048f33155c6a6635d6c0e7b
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
jna-4.2.2.jar: jnidispatch.dllFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jna-4.2.2.jar/com/sun/jna/win32-x86-64/jnidispatch.dllMD5: b04c620540a971e93390ba9ec7cc8641SHA1: cb612a48eff7c60c40a6bb64b78fb47d5709f5e7SHA256: 1b2af8b31416f68051db213bcdcf82775e29191b6d069c327988e02e654030ad
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
joda-time-2.9.7.jarDescription:
Date and time library to replace JDK date handling License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/joda-time-2.9.7.jar
MD5: 57ab2188241bd18a7392bfaf61ba33cd
SHA1: 6eb2e87ddb09e944bb88f06f19ba0638d4607ffd
SHA256: 2bcac56802ec8d6f16941ef8a8d5fee4032902ba9937549be220f0a06eb9f503
Evidence Type Source Name Value Confidence Vendor pom groupid joda-time Highest Vendor pom name Joda-Time High Vendor Manifest bundle-symbolicname joda-time Medium Vendor jar package name time Highest Vendor Manifest specification-vendor Joda.org Low Vendor Manifest Implementation-Vendor Joda.org High Vendor pom organization name Joda.org High Vendor pom artifactid joda-time Low Vendor pom organization url http://www.joda.org Medium Vendor Manifest extension-name joda-time Medium Vendor file name joda-time High Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low Vendor pom url http://www.joda.org/joda-time/ Highest Vendor jar package name joda Highest Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low Vendor Manifest Implementation-Vendor-Id org.joda Medium Product pom groupid joda-time Highest Product pom name Joda-Time High Product pom organization url http://www.joda.org Low Product jar package name time Highest Product Manifest bundle-symbolicname joda-time Medium Product Manifest specification-title Joda-Time Medium Product pom artifactid joda-time Highest Product Manifest Implementation-Title org.joda.time High Product Manifest extension-name joda-time Medium Product file name joda-time High Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low Product pom organization name Joda.org Low Product jar package name joda Highest Product Manifest implementation-url http://www.joda.org/joda-time/ Low Product pom url http://www.joda.org/joda-time/ Medium Product Manifest Bundle-Name Joda-Time Medium Version Manifest Implementation-Version 2.9.7 High Version Manifest Bundle-Version 2.9.7 High Version file version 2.9.7 High Version pom version 2.9.7 Highest
Related Dependencies joda-time-2.9.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/joda-time-2.9.7.jar MD5: 57ab2188241bd18a7392bfaf61ba33cd SHA1: 6eb2e87ddb09e944bb88f06f19ba0638d4607ffd SHA256: 2bcac56802ec8d6f16941ef8a8d5fee4032902ba9937549be220f0a06eb9f503 joda-time-2.9.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/joda-time-2.9.7.jar MD5: 57ab2188241bd18a7392bfaf61ba33cd SHA1: 6eb2e87ddb09e944bb88f06f19ba0638d4607ffd SHA256: 2bcac56802ec8d6f16941ef8a8d5fee4032902ba9937549be220f0a06eb9f503 joda-time-2.9.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/joda-time-2.9.7.jar MD5: 57ab2188241bd18a7392bfaf61ba33cd SHA1: 6eb2e87ddb09e944bb88f06f19ba0638d4607ffd SHA256: 2bcac56802ec8d6f16941ef8a8d5fee4032902ba9937549be220f0a06eb9f503 joda-time-2.9.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/joda-time-2.9.7.jar MD5: 57ab2188241bd18a7392bfaf61ba33cd SHA1: 6eb2e87ddb09e944bb88f06f19ba0638d4607ffd SHA256: 2bcac56802ec8d6f16941ef8a8d5fee4032902ba9937549be220f0a06eb9f503 jopt-simple-4.6.jarDescription:
A Java library for parsing command line options License:
The MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jopt-simple-4.6.jar
MD5: 13560a58a79b46b82057686543e8d727
SHA1: 306816fb57cf94f108a43c95731b08934dcae15c
SHA256: 3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda
Evidence Type Source Name Value Confidence Vendor pom url http://pholser.github.com/jopt-simple Highest Vendor file name jopt-simple High Vendor pom name JOpt Simple High Vendor pom groupid net.sf.jopt-simple Highest Vendor jar package name joptsimple Low Vendor pom artifactid jopt-simple Low Product pom artifactid jopt-simple Highest Product pom url http://pholser.github.com/jopt-simple Medium Product file name jopt-simple High Product pom name JOpt Simple High Product pom groupid net.sf.jopt-simple Highest Version file version 4.6 High Version pom version 4.6 Highest
jopt-simple-5.0.2.jarDescription:
A Java library for parsing command line options License:
The MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jopt-simple-5.0.2.jar
MD5: 22d04887411554d11534653a40ea325a
SHA1: 98cafc6081d5632b61be2c9e60650b64ddbc637c
SHA256: 457877c79e038f390557db5f8e92c4436fb4f4b3ba63f28bc228500fee080193
Evidence Type Source Name Value Confidence Vendor pom url http://pholser.github.io/jopt-simple Highest Vendor Manifest bundle-symbolicname net.sf.jopt-simple.jopt-simple Medium Vendor file name jopt-simple High Vendor pom name JOpt Simple High Vendor pom groupid net.sf.jopt-simple Highest Vendor pom artifactid jopt-simple Low Product pom artifactid jopt-simple Highest Product Manifest bundle-symbolicname net.sf.jopt-simple.jopt-simple Medium Product file name jopt-simple High Product Manifest Bundle-Name jopt-simple Medium Product pom url http://pholser.github.io/jopt-simple Medium Product pom name JOpt Simple High Product pom groupid net.sf.jopt-simple Highest Version Manifest Bundle-Version 5.0.2 High Version file version 5.0.2 High Version pom version 5.0.2 Highest
Related Dependencies jopt-simple-5.0.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jopt-simple-5.0.2.jar MD5: 22d04887411554d11534653a40ea325a SHA1: 98cafc6081d5632b61be2c9e60650b64ddbc637c SHA256: 457877c79e038f390557db5f8e92c4436fb4f4b3ba63f28bc228500fee080193 jopt-simple-5.0.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jopt-simple-5.0.2.jar MD5: 22d04887411554d11534653a40ea325a SHA1: 98cafc6081d5632b61be2c9e60650b64ddbc637c SHA256: 457877c79e038f390557db5f8e92c4436fb4f4b3ba63f28bc228500fee080193 json-20140107.jarDescription:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 thru Java 1.4.
License:
The JSON License: http://json.org/license.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Evidence Type Source Name Value Confidence Vendor pom groupid json Highest Vendor jar package name http Highest Vendor jar package name json Low Vendor jar package name cdl Highest Vendor jar package name json Highest Vendor pom name JSON in Java High Vendor pom url douglascrockford/JSON-java Highest Vendor file name json-20140107 High Vendor pom artifactid json Low Vendor jar package name xml Highest Product pom groupid json Highest Product jar package name http Highest Product jar package name cdl Highest Product jar package name json Highest Product pom name JSON in Java High Product file name json-20140107 High Product jar package name xml Highest Product pom artifactid json Highest Product pom url douglascrockford/JSON-java High Version file version 20140107 Medium Version pom version 20140107 Highest
Related Dependencies json-20140107.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/json-20140107.jar MD5: 8ca2437d3dbbaa2e76195adedfd901f4 SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3 SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622 json-20140107.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/json-20140107.jar MD5: 8ca2437d3dbbaa2e76195adedfd901f4 SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3 SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622 json-20140107.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/json-20140107.jar MD5: 8ca2437d3dbbaa2e76195adedfd901f4 SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3 SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622 json-20140107.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/json-20140107.jar MD5: 8ca2437d3dbbaa2e76195adedfd901f4 SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3 SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622 json-lib-2.4-jdk15.jarDescription:
Java library for transforming beans, maps, collections, java
arrays and XML to JSON.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/json-lib-2.4-jdk15.jar
MD5: f5db294d05b3d5a5bfb873455b0a8626
SHA1: 136743e0d12df4e785e62b48618cee169b2ae546
SHA256: 8290f8871ebd3db52e36c6fa844fe172895b2c714ea589cfed3d78ad9c01a924
Evidence Type Source Name Value Confidence Vendor pom url http://json-lib.sourceforge.net Highest Vendor file name json-lib High Vendor jar package name net Low Vendor pom groupid net.sf.json-lib Highest Vendor pom artifactid json-lib Low Vendor central groupid net.sf.json-lib High Vendor pom groupid hynnet Highest Vendor pom name json-lib High Vendor jar package name json Low Vendor pom organization url http://json-lib.sourceforge.net Medium Vendor pom organization name Json-lib High Vendor pom name json-lib for jdk 1.5 High Vendor jar package name sf Low Vendor central groupid com.hynnet High Product file name json-lib High Product pom groupid net.sf.json-lib Highest Product pom organization url http://json-lib.sourceforge.net Low Product pom artifactid json-lib Highest Product pom organization name Json-lib Low Product pom groupid hynnet Highest Product pom name json-lib High Product jar package name json Low Product pom name json-lib for jdk 1.5 High Product jar package name sf Low Product central artifactid json-lib High Product pom url http://json-lib.sourceforge.net Medium Version pom version 2.4 Highest Version central version 2.4 High
json-patch-1.6.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/json-patch-1.6.jar
MD5: 1f19e6bf78d7ef5b35b4febe1586c854
SHA1: 08c7a8da998228261d5eec90c5aeb382d1ff723c
SHA256: ad661820863cb530b77e97625a2e1ead886da2a343da2d455564a85bea813b5e
Evidence Type Source Name Value Confidence Vendor file name json-patch High Vendor central groupid com.github.fge Highest Vendor jar package name github Low Vendor pom artifactid json-patch Low Vendor pom url fge/json-patch Highest Vendor jar package name jsonpatch Low Vendor jar package name github Highest Vendor jar package name fge Low Vendor pom groupid github.fge Highest Vendor pom name null High Vendor jar package name fge Highest Vendor Manifest bundle-symbolicname com.github.fge.json-patch Medium Product file name json-patch High Product pom artifactid json-patch Highest Product jar package name jsonpatch Low Product jar package name github Highest Product Manifest Bundle-Name json-patch Medium Product jar package name fge Low Product central artifactid json-patch Highest Product pom groupid github.fge Highest Product pom name null High Product jar package name fge Highest Product pom url fge/json-patch High Product Manifest bundle-symbolicname com.github.fge.json-patch Medium Version Manifest Bundle-Version 1.6 High Version central version 1.6 Highest Version pom version 1.6 Highest Version file version 1.6 High
json-path-2.2.0.jarDescription:
Java port of Stefan Goessner JsonPath. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/json-path-2.2.0.jar
MD5: 98ec1b51b19c21a32845ba3498df6629
SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb
SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd
Evidence Type Source Name Value Confidence Vendor jar package name jayway Low Vendor central groupid com.jayway.jsonpath Highest Vendor pom artifactid json-path Low Vendor pom groupid jayway.jsonpath Highest Vendor Manifest bundle-symbolicname com.jayway.jsonpath.json-path Medium Vendor jar package name jsonpath Highest Vendor jar package name internal Low Vendor jar package name jsonpath Low Vendor pom name Json Path High Vendor jar package name jayway Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom url jayway/JsonPath Highest Vendor file name json-path High Product Manifest Implementation-Title json-path High Product pom groupid jayway.jsonpath Highest Product Manifest bundle-symbolicname com.jayway.jsonpath.json-path Medium Product pom url jayway/JsonPath High Product Manifest Bundle-Name json-path Medium Product jar package name jsonpath Highest Product jar package name internal Low Product jar package name jsonpath Low Product pom name Json Path High Product jar package name filter Highest Product jar package name path Highest Product jar package name json Highest Product jar package name jayway Highest Product central artifactid json-path Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product file name json-path High Product pom artifactid json-path Highest Version pom version 2.2.0 Highest Version central version 2.2.0 Highest Version file version 2.2.0 High Version Manifest Implementation-Version 2.2.0 High Version Manifest Bundle-Version 2.2.0 High
Related Dependencies json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-path-2.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/json-path-2.2.0.jar MD5: 98ec1b51b19c21a32845ba3498df6629 SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb SHA256: f74833d885773a0a3a937ebdb632ca2ff6d95b52cf7f5725de6dd688844207cd json-schema-core-1.2.1.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/json-schema-core-1.2.1.jar
MD5: 12e7921cd1f77d14d561fc216536e118
SHA1: 248410bcfeac7d50b9b4eb03f311fd554962794a
SHA256: 1baa531318af3d3023bd0b85edd57cad74901b379f44327872ed765a2e3eb61b
Evidence Type Source Name Value Confidence Vendor central groupid com.github.fge Highest Vendor jar package name github Low Vendor pom url fge/json-schema-core Highest Vendor jar package name core Highest Vendor Manifest bundle-symbolicname com.github.fge.json-schema-core Medium Vendor jar package name github Highest Vendor file name json-schema-core High Vendor jar package name fge Low Vendor pom groupid github.fge Highest Vendor pom name null High Vendor pom artifactid json-schema-core Low Vendor jar package name fge Highest Vendor jar package name jsonschema Low Product Manifest Bundle-Name json-schema-core Medium Product jar package name core Highest Product pom artifactid json-schema-core Highest Product central artifactid json-schema-core Highest Product Manifest bundle-symbolicname com.github.fge.json-schema-core Medium Product jar package name github Highest Product jar package name core Low Product file name json-schema-core High Product jar package name fge Low Product pom groupid github.fge Highest Product pom name null High Product jar package name fge Highest Product pom url fge/json-schema-core High Product jar package name jsonschema Low Version file version 1.2.1 High Version Manifest Bundle-Version 1.2.1 High Version pom version 1.2.1 Highest Version central version 1.2.1 Highest
json-schema-validator-2.2.3.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/json-schema-validator-2.2.3.jar
MD5: d3af7154b31ef5b791f6d2bbc8c69bf6
SHA1: 06708b4ea223564a5db416738cf401a28d503948
SHA256: b5cea7cd5b970f7173e3bdcf98fdb149d2e9612a07bef1459426f8805e588ccd
Evidence Type Source Name Value Confidence Vendor central groupid com.github.fge Highest Vendor jar package name github Low Vendor jar package name github Highest Vendor file name json-schema-validator High Vendor pom url fge/json-schema-validator Highest Vendor pom artifactid json-schema-validator Low Vendor Manifest bundle-symbolicname com.github.fge.json-schema-validator Medium Vendor jar package name fge Low Vendor pom groupid github.fge Highest Vendor pom name null High Vendor jar package name fge Highest Vendor jar package name jsonschema Low Product Manifest Bundle-Name json-schema-validator Medium Product central artifactid json-schema-validator Highest Product pom artifactid json-schema-validator Highest Product jar package name github Highest Product file name json-schema-validator High Product Manifest bundle-symbolicname com.github.fge.json-schema-validator Medium Product jar package name fge Low Product pom groupid github.fge Highest Product pom name null High Product pom url fge/json-schema-validator High Product jar package name fge Highest Product jar package name jsonschema Low Version Manifest Bundle-Version 2.2.3 High Version file version 2.2.3 High Version central version 2.2.3 Highest Version pom version 2.2.3 Highest
json-smart-2.2.1.jarDescription:
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/json-smart-2.2.1.jar
MD5: 4c82c537eb0ba92adad494283711cc11
SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002
SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693
Evidence Type Source Name Value Confidence Vendor pom organization url http://www.minidev.net/ Medium Vendor Manifest bundle-docurl http://www.minidev.net/ Low Vendor pom name JSON Small and Fast Parser High Vendor Manifest bundle-symbolicname net.minidev.json-smart Medium Vendor pom url http://www.minidev.net/ Highest Vendor jar package name minidev Highest Vendor jar package name json Highest Vendor file name json-smart High Vendor pom organization name Chemouni Uriel High Vendor jar package name net Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid json-smart Low Vendor jar package name parser Highest Vendor pom groupid net.minidev Highest Product pom artifactid json-smart Highest Product Manifest bundle-docurl http://www.minidev.net/ Low Product pom name JSON Small and Fast Parser High Product Manifest Bundle-Name json-smart Medium Product Manifest bundle-symbolicname net.minidev.json-smart Medium Product pom organization name Chemouni Uriel Low Product jar package name minidev Highest Product pom organization url http://www.minidev.net/ Low Product jar package name json Highest Product file name json-smart High Product pom url http://www.minidev.net/ Medium Product jar package name net Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name parser Highest Product pom groupid net.minidev Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Bundle-Version 2.2.1 High
Related Dependencies json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 json-smart-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/json-smart-2.2.1.jar MD5: 4c82c537eb0ba92adad494283711cc11 SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002 SHA256: 871ff1fca0709fbf924a86704f1c7070e1ee774881c76feb1ba781351efe4693 jsonassert-1.4.0.jarDescription:
A library to develop RESTful but flexible APIs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jsonassert-1.4.0.jar
MD5: 5d8b0cc1089c3dc08214f86a873d895b
SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb
SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7
Evidence Type Source Name Value Confidence Vendor pom url skyscreamer/JSONassert Highest Vendor jar package name skyscreamer Low Vendor pom groupid skyscreamer Highest Vendor jar package name jsonassert Low Vendor jar package name skyscreamer Highest Vendor file name jsonassert High Vendor jar package name jsonassert Highest Vendor pom artifactid jsonassert Low Vendor pom name JSONassert High Product pom url skyscreamer/JSONassert High Product pom artifactid jsonassert Highest Product pom groupid skyscreamer Highest Product jar package name jsonassert Low Product jar package name skyscreamer Highest Product file name jsonassert High Product jar package name jsonassert Highest Product pom name JSONassert High Version pom version 1.4.0 Highest Version file version 1.4.0 High
Related Dependencies jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsonassert-1.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jsonassert-1.4.0.jar MD5: 5d8b0cc1089c3dc08214f86a873d895b SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb SHA256: 35f6b365e54add81472e6069f71daca8de0c3a5c7db46febd18009b95e2784b7 jsoup-1.10.2.jarDescription:
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do. License:
The MIT License: https://jsoup.org/license File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jsoup-1.10.2.jar
MD5: 36145fee38e79b81035787f1be296a52
SHA1: 33ee82e324f4b1e40167f3dc5e01234a1c5cab61
SHA256: 6ebe6abd7775c10a49407ae22db45c840cd2cdaf715866a5b0b5af70941c3f4a
Evidence Type Source Name Value Confidence Vendor pom groupid jsoup Highest Vendor Manifest bundle-docurl https://jsoup.org/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest bundle-symbolicname org.jsoup Medium Vendor pom organization name Jonathan Hedley High Vendor pom name jsoup Java HTML Parser High Vendor jar package name jsoup Highest Vendor pom url https://jsoup.org/ Highest Vendor file name jsoup High Vendor pom artifactid jsoup Low Vendor pom organization url http://jonathanhedley.com/ Medium Vendor jar package name parser Highest Product pom url https://jsoup.org/ Medium Product pom groupid jsoup Highest Product pom organization name Jonathan Hedley Low Product Manifest bundle-docurl https://jsoup.org/ Low Product Manifest Bundle-Name jsoup Java HTML Parser Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest bundle-symbolicname org.jsoup Medium Product pom name jsoup Java HTML Parser High Product jar package name jsoup Highest Product file name jsoup High Product pom artifactid jsoup Highest Product pom organization url http://jonathanhedley.com/ Low Product jar package name parser Highest Version pom version 1.10.2 Highest Version file version 1.10.2 High Version Manifest Bundle-Version 1.10.2 High
Related Dependencies jsoup-1.10.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jsoup-1.10.2.jar MD5: 36145fee38e79b81035787f1be296a52 SHA1: 33ee82e324f4b1e40167f3dc5e01234a1c5cab61 SHA256: 6ebe6abd7775c10a49407ae22db45c840cd2cdaf715866a5b0b5af70941c3f4a jsoup-1.10.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jsoup-1.10.2.jar MD5: 36145fee38e79b81035787f1be296a52 SHA1: 33ee82e324f4b1e40167f3dc5e01234a1c5cab61 SHA256: 6ebe6abd7775c10a49407ae22db45c840cd2cdaf715866a5b0b5af70941c3f4a jsqlparser-0.9.5.jarDescription:
JSqlParser parses an SQL statement and translate it into a hierarchy of Java classes.
The generated hierarchy can be navigated using the Visitor Pattern. License:
GNU Library or Lesser General Public License (LGPL) V2.1: http://www.gnu.org/licenses/lgpl-2.1.html
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jsqlparser-0.9.5.jar
MD5: 6275e17803860e466b8d7c93c85176ae
SHA1: b1ee308d5a745b4e6a98e83af9a75a6f2e5828d0
SHA256: 4286fba4b610ee7dc0d7d66fa1edd4344e893e37495d11ec059aa470a38b952c
Evidence Type Source Name Value Confidence Vendor pom artifactid jsqlparser Low Vendor jar package name net Low Vendor file name jsqlparser High Vendor jar package name statement Highest Vendor pom groupid github.jsqlparser Highest Vendor jar package name jsqlparser Low Vendor jar package name jsqlparser Highest Vendor jar package name sf Low Vendor pom name JSQLParser library High Vendor pom organization name JSQLParser High Vendor pom url JSQLParser/JSqlParser Highest Product file name jsqlparser High Product jar package name statement Highest Product pom groupid github.jsqlparser Highest Product pom organization name JSQLParser Low Product jar package name jsqlparser Low Product pom artifactid jsqlparser Highest Product jar package name jsqlparser Highest Product jar package name sf Low Product pom name JSQLParser library High Product pom url JSQLParser/JSqlParser High Version pom version 0.9.5 Highest Version file version 0.9.5 High
Related Dependencies jsqlparser-0.9.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jsqlparser-0.9.5.jar MD5: 6275e17803860e466b8d7c93c85176ae SHA1: b1ee308d5a745b4e6a98e83af9a75a6f2e5828d0 SHA256: 4286fba4b610ee7dc0d7d66fa1edd4344e893e37495d11ec059aa470a38b952c jsqlparser-0.9.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jsqlparser-0.9.5.jar MD5: 6275e17803860e466b8d7c93c85176ae SHA1: b1ee308d5a745b4e6a98e83af9a75a6f2e5828d0 SHA256: 4286fba4b610ee7dc0d7d66fa1edd4344e893e37495d11ec059aa470a38b952c jsqlparser-0.9.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jsqlparser-0.9.5.jar MD5: 6275e17803860e466b8d7c93c85176ae SHA1: b1ee308d5a745b4e6a98e83af9a75a6f2e5828d0 SHA256: 4286fba4b610ee7dc0d7d66fa1edd4344e893e37495d11ec059aa470a38b952c jsqlparser-0.9.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jsqlparser-0.9.5.jar MD5: 6275e17803860e466b8d7c93c85176ae SHA1: b1ee308d5a745b4e6a98e83af9a75a6f2e5828d0 SHA256: 4286fba4b610ee7dc0d7d66fa1edd4344e893e37495d11ec059aa470a38b952c jsqlparser-0.9.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jsqlparser-0.9.5.jar MD5: 6275e17803860e466b8d7c93c85176ae SHA1: b1ee308d5a745b4e6a98e83af9a75a6f2e5828d0 SHA256: 4286fba4b610ee7dc0d7d66fa1edd4344e893e37495d11ec059aa470a38b952c jsr305-2.0.1.jarDescription:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jsr305-2.0.1.jar
MD5: 144c0767e2aaf0c21a935908d0e52c68
SHA1: 516c03b21d50a644d538de0f0369c620989cd8f0
SHA256: 1e7f53fa5b8b5c807e986ba335665da03f18d660802d8bf061823089d1bee468
Evidence Type Source Name Value Confidence Vendor pom artifactid jsr305 Low Vendor file name jsr305 High Vendor jar package name annotation Low Vendor pom name FindBugs-jsr305 High Vendor central groupid net.sourceforge.findbugs High Vendor pom name FindBugs High Vendor pom groupid net.sourceforge.findbugs Highest Vendor pom name jsr305 High Vendor central groupid com.google.code.findbugs High Vendor jar package name javax Low Vendor pom artifactid findbugs Low Vendor pom url http://findbugs.sourceforge.net/ Highest Vendor pom groupid google.code.findbugs Highest Product pom name jsr305 High Product pom artifactid findbugs Highest Product file name jsr305 High Product jar package name annotation Low Product pom name FindBugs-jsr305 High Product central artifactid jsr305 High Product pom name FindBugs High Product pom artifactid jsr305 Highest Product pom groupid net.sourceforge.findbugs Highest Product pom url http://findbugs.sourceforge.net/ Medium Product pom groupid google.code.findbugs Highest Version pom version 2.0.1 Highest Version central version 2.0.1 High Version file version 2.0.1 High
jul-to-slf4j-1.7.24.jarDescription:
JUL to SLF4J bridge File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/jul-to-slf4j-1.7.24.jarMD5: 8f13c04772e364c3ca0a1d9d979cc701SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fdSHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor file name jul-to-slf4j High Vendor pom parent-artifactid slf4j-parent Low Vendor jar package name slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor jar package name bridge Highest Vendor pom url http://www.slf4j.org Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom artifactid jul-to-slf4j Low Product Manifest bundle-symbolicname jul.to.slf4j Medium Product pom parent-artifactid slf4j-parent Medium Product file name jul-to-slf4j High Product pom name JUL to SLF4J bridge High Product jar package name bridge Highest Product pom groupid slf4j Highest Product pom parent-groupid org.slf4j Medium Product pom url http://www.slf4j.org Medium Product pom artifactid jul-to-slf4j Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product jar package name slf4j Highest Product Manifest Bundle-Name jul-to-slf4j Medium Version Manifest Implementation-Version 1.7.24 High Version Manifest Bundle-Version 1.7.24 High Version file version 1.7.24 High Version pom version 1.7.24 Highest
Related Dependencies jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 jul-to-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/jul-to-slf4j-1.7.24.jar MD5: 8f13c04772e364c3ca0a1d9d979cc701 SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd SHA256: 0056006ce1d23d6ffb2a6e331ae8496de69a630b152c07c79174b467dcd75576 junit-4.12.jarDescription:
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a
Evidence Type Source Name Value Confidence Vendor pom groupid junit Highest Vendor pom organization name JUnit High Vendor jar package name junit Low Vendor pom name JUnit High Vendor Manifest Implementation-Vendor-Id junit Medium Vendor central groupid junit Highest Vendor Manifest Implementation-Vendor JUnit High Vendor jar package name junit Highest Vendor pom url http://junit.org Highest Vendor pom organization url http://www.junit.org Medium Vendor pom artifactid junit Low Vendor file name junit High Product jar package name junit Highest Product pom groupid junit Highest Product pom name JUnit High Product file name junit High Product pom organization url http://www.junit.org Low Product central artifactid junit Highest Product pom artifactid junit Highest Product Manifest Implementation-Title JUnit High Product pom organization name JUnit Low Product pom url http://junit.org Medium Version file version 4.12 High Version pom version 4.12 Highest Version central version 4.12 Highest Version Manifest Implementation-Version 4.12 High
Related Dependencies junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a junit-4.12.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/junit-4.12.jar MD5: 5b38c40c97fbd0adee29f91e60405584 SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec SHA256: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a lang-mustache-client-5.2.1.jarDescription:
Mustache scripting integration for Elasticsearch License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/lang-mustache-client-5.2.1.jar
MD5: 7057665ce8ec719b657cf4b9ace54be9
SHA1: cd8b50d633108bfe691f7cb5fed43f1bf6231788
SHA256: f7c1144f1b6f9b1dbf4329998e57aed1c6c93663f8b0e0fbd798078da0f49c82
Evidence Type Source Name Value Confidence Vendor Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Vendor pom name lang-mustache High Vendor jar package name script Low Vendor central groupid org.codelibs.elasticsearch.module High Vendor jar package name mustache Low Vendor pom groupid codelibs.elasticsearch.module Highest Vendor Manifest module-origin elastic/elasticsearch.git Low Vendor pom url elastic/elasticsearch Highest Vendor Manifest built-status integration Low Vendor Manifest change db0d481 Low Vendor Manifest build-date 2017-02-09T22:07:02.377Z Low Vendor jar package name elasticsearch Low Vendor Manifest module-source /modules/lang-mustache Low Vendor pom artifactid lang-mustache Low Vendor file name lang-mustache-client High Vendor Manifest built-os Linux Low Vendor pom artifactid lang-mustache-client Low Vendor central groupid org.elasticsearch.plugin High Vendor pom url codelibs/elasticsearch-module Highest Vendor pom groupid elasticsearch.plugin Highest Vendor Manifest x-compile-elasticsearch-snapshot false Low Product Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Product pom name lang-mustache High Product jar package name script Low Product pom url elastic/elasticsearch High Product Manifest Implementation-Title org.elasticsearch.plugin#lang-mustache;5.2.1 High Product jar package name mustache Low Product pom groupid codelibs.elasticsearch.module Highest Product Manifest module-origin elastic/elasticsearch.git Low Product jar package name mustache Highest Product pom artifactid lang-mustache Highest Product jar package name elasticsearch Highest Product Manifest built-status integration Low Product central artifactid lang-mustache-client High Product Manifest change db0d481 Low Product Manifest build-date 2017-02-09T22:07:02.377Z Low Product pom artifactid lang-mustache-client Highest Product Manifest module-source /modules/lang-mustache Low Product file name lang-mustache-client High Product central artifactid lang-mustache High Product pom url codelibs/elasticsearch-module High Product Manifest built-os Linux Low Product pom groupid elasticsearch.plugin Highest Product Manifest x-compile-elasticsearch-snapshot false Low Version pom version 5.2.1 Highest Version central version 5.2.1 High Version Manifest Implementation-Version 5.2.1 High Version Manifest x-compile-elasticsearch-version 5.2.1 Medium Version file version 5.2.1 High
Related Dependencies lang-mustache-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/lang-mustache-client-5.2.1.jar MD5: 7057665ce8ec719b657cf4b9ace54be9 SHA1: cd8b50d633108bfe691f7cb5fed43f1bf6231788 SHA256: f7c1144f1b6f9b1dbf4329998e57aed1c6c93663f8b0e0fbd798078da0f49c82 lang-mustache-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/lang-mustache-client-5.2.1.jar MD5: 7057665ce8ec719b657cf4b9ace54be9 SHA1: cd8b50d633108bfe691f7cb5fed43f1bf6231788 SHA256: f7c1144f1b6f9b1dbf4329998e57aed1c6c93663f8b0e0fbd798078da0f49c82 Published Vulnerabilities CVE-2019-7611 suppress
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-7614 suppress
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-7019 suppress
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. CWE-269 Improper Privilege Management
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
libphonenumber-6.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/libphonenumber-6.0.jarMD5: 71634687105283b8019662e07b8b0985SHA1: 64ab017d97b44eafa7a149bbd8dddfdf967b40deSHA256: 57c80aced94fb197a7d554525e426e50607609338bd4a5d8b4818e1c4bea7eec
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid libphonenumber-parent Low Vendor pom parent-groupid com.googlecode.libphonenumber Medium Vendor jar package name i18n Low Vendor pom url http://code.google.com/p/libphonenumber/ Highest Vendor jar package name google Low Vendor file name libphonenumber High Vendor pom groupid googlecode.libphonenumber Highest Vendor pom artifactid libphonenumber Low Vendor jar package name phonenumbers Low Product pom parent-groupid com.googlecode.libphonenumber Medium Product jar package name i18n Low Product file name libphonenumber High Product pom groupid googlecode.libphonenumber Highest Product pom artifactid libphonenumber Highest Product pom parent-artifactid libphonenumber-parent Medium Product jar package name phonenumbers Low Product pom url http://code.google.com/p/libphonenumber/ Medium Version pom version 6.0 Highest Version file version 6.0 High
Published Vulnerabilities CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (OSSINDEX) suppress
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.googlecode.libphonenumber:libphonenumber:6.0:*:*:*:*:*:*:* log4j-api-2.8.1.jarDescription:
The Apache Log4j API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/log4j-api-2.8.1.jar
MD5: a2ad9b058b4b03d43f3cc301701654e4
SHA1: e801d13612e22cad62a3f4f3fe7fdbe6334a8e72
SHA256: 1205ab764b1326f7d96d99baa4a4e12614599bf3d735790947748ee116511fa2
Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid log4j-api Low Vendor file name log4j-api High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor pom groupid apache.logging.log4j Highest Vendor pom parent-artifactid log4j Low Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor jar package name logging Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache Log4j API High Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Implementation-Title Apache Log4j API High Product file name log4j-api High Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product pom groupid apache.logging.log4j Highest Product jar package name apache Highest Product pom parent-artifactid log4j Medium Product jar package name log4j Highest Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest log4jreleasemanager Ralph Goers Low Product Manifest specification-title Apache Log4j API Medium Product Manifest Bundle-Name Apache Log4j API Medium Product pom parent-groupid org.apache.logging.log4j Medium Product pom artifactid log4j-api Highest Product jar package name logging Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product pom name Apache Log4j API High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Version Manifest Bundle-Version 2.8.1 High Version Manifest Implementation-Version 2.8.1 High Version pom version 2.8.1 Highest Version file version 2.8.1 High Version Manifest log4jreleaseversion 2.8.1 Medium
Related Dependencies log4j-api-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/log4j-api-2.8.1.jar MD5: a2ad9b058b4b03d43f3cc301701654e4 SHA1: e801d13612e22cad62a3f4f3fe7fdbe6334a8e72 SHA256: 1205ab764b1326f7d96d99baa4a4e12614599bf3d735790947748ee116511fa2 log4j-to-slf4j-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/log4j-to-slf4j-2.8.1.jar MD5: a5fa9b447a25b3824e8a1388d0744052 SHA1: 2ffbb13a6f6efc0c1a010b87c590d3ef5db465c4 SHA256: d4d084864c8671372e1caccaaee330af615a6a60bc5fb338b94edb2a7bbdd6ad log4j-to-slf4j-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/log4j-to-slf4j-2.8.1.jar MD5: a5fa9b447a25b3824e8a1388d0744052 SHA1: 2ffbb13a6f6efc0c1a010b87c590d3ef5db465c4 SHA256: d4d084864c8671372e1caccaaee330af615a6a60bc5fb338b94edb2a7bbdd6ad log4j-api-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/log4j-api-2.8.1.jar MD5: a2ad9b058b4b03d43f3cc301701654e4 SHA1: e801d13612e22cad62a3f4f3fe7fdbe6334a8e72 SHA256: 1205ab764b1326f7d96d99baa4a4e12614599bf3d735790947748ee116511fa2 log4j-to-slf4j-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/log4j-to-slf4j-2.8.1.jar MD5: a5fa9b447a25b3824e8a1388d0744052 SHA1: 2ffbb13a6f6efc0c1a010b87c590d3ef5db465c4 SHA256: d4d084864c8671372e1caccaaee330af615a6a60bc5fb338b94edb2a7bbdd6ad pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.8.1 Published Vulnerabilities CVE-2017-5645 suppress
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-9488 suppress
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.7) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
log4j-over-slf4j-1.7.24.jarDescription:
Log4j implemented over SLF4J License:
Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/log4j-over-slf4j-1.7.24.jar
MD5: 196e88a341f9a807cca0630e8da46398
SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44
SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname log4j.over.slf4j Medium Vendor pom parent-artifactid slf4j-parent Low Vendor pom artifactid log4j-over-slf4j Low Vendor pom name Log4j Implemented Over SLF4J High Vendor pom url http://www.slf4j.org Highest Vendor jar package name log4j Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor file name log4j-over-slf4j High Product pom parent-artifactid slf4j-parent Medium Product pom name Log4j Implemented Over SLF4J High Product Manifest Bundle-Name log4j-over-slf4j Medium Product jar package name log4j Highest Product pom groupid slf4j Highest Product pom parent-groupid org.slf4j Medium Product pom url http://www.slf4j.org Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname log4j.over.slf4j Medium Product Manifest Implementation-Title log4j-over-slf4j High Product file name log4j-over-slf4j High Product pom artifactid log4j-over-slf4j Highest Version Manifest Implementation-Version 1.7.24 High Version Manifest Bundle-Version 1.7.24 High Version file version 1.7.24 High Version pom version 1.7.24 Highest
Related Dependencies log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 log4j-over-slf4j-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/log4j-over-slf4j-1.7.24.jar MD5: 196e88a341f9a807cca0630e8da46398 SHA1: 6ab46c51a3848286a0db3ba7b22037b3834c3c44 SHA256: 90ec03fa2a945115da5c5e878c68a0d60e8efb25b831acbd1976326476fe18c2 logback-core-1.1.11.jarDescription:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/logback-core-1.1.11.jar
MD5: cc7a8deacd26b0aa2668779ce2721c0f
SHA1: 88b8df40340eed549fb07e2613879bf6b006704d
SHA256: 58738067842476feeae5768e832cd36a0e40ce41576ba5739c3632d376bd8c86
Evidence Type Source Name Value Confidence Vendor pom name Logback Core Module High Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom parent-artifactid logback-parent Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name logback Highest Vendor jar package name qos Highest Product pom name Logback Core Module High Product file name logback-core High Product jar package name ch Highest Product pom artifactid logback-core Highest Product jar package name core Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-docurl http://www.qos.ch Low Product pom groupid ch.qos.logback Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product pom parent-artifactid logback-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name logback Highest Product jar package name qos Highest Product Manifest Bundle-Name Logback Core Module Medium Version pom version 1.1.11 Highest Version file version 1.1.11 High Version Manifest Bundle-Version 1.1.11 High
Related Dependencies logstash-gelf-1.13.0.jarLicense:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/logstash-gelf-1.13.0.jar
MD5: dbd69b92ab8e59fdcb626af1605fb45f
SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b
SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979
Evidence Type Source Name Value Confidence Vendor jar package name biz Highest Vendor pom url mp911de/logstash-gelf/ Highest Vendor jar package name gelf Highest Vendor jar package name biz Low Vendor file name logstash-gelf High Vendor pom artifactid logstash-gelf Low Vendor pom groupid biz.paluch.logging Highest Vendor pom name logstash logging connectors High Vendor jar package name logging Highest Vendor jar package name paluch Highest Vendor jar package name paluch Low Vendor jar package name logging Low Product jar package name biz Highest Product jar package name gelf Low Product jar package name gelf Highest Product file name logstash-gelf High Product pom groupid biz.paluch.logging Highest Product pom artifactid logstash-gelf Highest Product pom name logstash logging connectors High Product pom url mp911de/logstash-gelf/ High Product jar package name logging Highest Product jar package name paluch Highest Product jar package name paluch Low Product jar package name logging Low Version pom version 1.13.0 Highest Version file version 1.13.0 High
Related Dependencies logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-gelf-1.13.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/logstash-gelf-1.13.0.jar MD5: dbd69b92ab8e59fdcb626af1605fb45f SHA1: b6360e3dc7735f8bcb3b4cd8fda25095bc88e16b SHA256: 7ca2866a6e033d0aba9097e0ed54283da1736e935177caa216d301ec4aa1c979 logstash-logback-encoder-4.7.jarDescription:
Logback encoder which will output events as Logstash-compatible JSON License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
MIT License: http://www.slf4j.org/license.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/logstash-logback-encoder-4.7.jar
MD5: 145152eea66d75e28e09675533213727
SHA1: 851950c9d30b84bebbb78d5c6917b1ba77e67f13
SHA256: 1df772b92773937876a172ae4d43578780322a3e13b3aa39fff945a1fed9d96f
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname net.logstash.logback.logstash-logback-encoder Medium Vendor pom artifactid logstash-logback-encoder Low Vendor jar package name logstash Highest Vendor pom groupid net.logstash.logback Highest Vendor file name logstash-logback-encoder High Vendor pom url logstash/logstash-logback-encoder Highest Vendor jar package name net Highest Vendor jar package name logback Highest Vendor jar package name encoder Highest Vendor pom name Logstash Logback Encoder High Product Manifest bundle-symbolicname net.logstash.logback.logstash-logback-encoder Medium Product jar package name logstash Highest Product Manifest Bundle-Name Logstash Logback Encoder Medium Product pom groupid net.logstash.logback Highest Product file name logstash-logback-encoder High Product pom artifactid logstash-logback-encoder Highest Product pom url logstash/logstash-logback-encoder High Product jar package name net Highest Product jar package name logback Highest Product jar package name encoder Highest Product pom name Logstash Logback Encoder High Version file version 4.7 High Version pom version 4.7 Highest
Related Dependencies logstash-logback-encoder-4.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/logstash-logback-encoder-4.7.jar MD5: 145152eea66d75e28e09675533213727 SHA1: 851950c9d30b84bebbb78d5c6917b1ba77e67f13 SHA256: 1df772b92773937876a172ae4d43578780322a3e13b3aa39fff945a1fed9d96f logstash-logback-encoder-4.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/logstash-logback-encoder-4.7.jar MD5: 145152eea66d75e28e09675533213727 SHA1: 851950c9d30b84bebbb78d5c6917b1ba77e67f13 SHA256: 1df772b92773937876a172ae4d43578780322a3e13b3aa39fff945a1fed9d96f logstash-logback-encoder-4.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/logstash-logback-encoder-4.7.jar MD5: 145152eea66d75e28e09675533213727 SHA1: 851950c9d30b84bebbb78d5c6917b1ba77e67f13 SHA256: 1df772b92773937876a172ae4d43578780322a3e13b3aa39fff945a1fed9d96f logstash-logback-encoder-4.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/logstash-logback-encoder-4.7.jar MD5: 145152eea66d75e28e09675533213727 SHA1: 851950c9d30b84bebbb78d5c6917b1ba77e67f13 SHA256: 1df772b92773937876a172ae4d43578780322a3e13b3aa39fff945a1fed9d96f logstash-logback-encoder-4.7.jar (shaded: commons-lang:commons-lang:2.6)Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/logstash-logback-encoder-4.7.jar/META-INF/maven/commons-lang/commons-lang/pom.xmlMD5: cca9ee287cb26a44a2f65450a24957cdSHA1: 347d60b180fa80e5699d8e2cb72c99c93dda5454SHA256: ed76b8891c30b566289c743656f8a4d435986982438d40c567c626233247e711
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/lang/ Highest Vendor pom parent-artifactid commons-parent Low Vendor pom groupid commons-lang Highest Vendor pom artifactid commons-lang Low Vendor pom name Commons Lang High Product pom parent-groupid org.apache.commons Medium Product pom groupid commons-lang Highest Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/lang/ Medium Product pom artifactid commons-lang Highest Product pom name Commons Lang High Version pom version 2.6 Highest Version pom parent-version 2.6 Low
lombok-1.16.14.jarDescription:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! License:
The MIT License: https://projectlombok.org/LICENSE File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/lombok-1.16.14.jar
MD5: 899f69e58eb7881c7514c40b88a30143
SHA1: 8486573ff5a5f17f48920c860caf534e7461976b
SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6
Evidence Type Source Name Value Confidence Vendor jar package name lombok Low Vendor file name lombok High Vendor pom artifactid lombok Low Vendor central groupid org.projectlombok Highest Vendor pom name Project Lombok High Vendor pom groupid projectlombok Highest Vendor Manifest can-redefine-classes true Low Vendor pom url https://projectlombok.org Highest Product file name lombok High Product pom name Project Lombok High Product central artifactid lombok Highest Product pom artifactid lombok Highest Product pom groupid projectlombok Highest Product Manifest can-redefine-classes true Low Product pom url https://projectlombok.org Medium Version Manifest lombok-version 1.16.14 Medium Version pom version 1.16.14 Highest Version file version 1.16.14 High Version central version 1.16.14 Highest
Related Dependencies lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/lombok-1.16.14.jar MD5: 899f69e58eb7881c7514c40b88a30143 SHA1: 8486573ff5a5f17f48920c860caf534e7461976b SHA256: e6a2a08d11a13082e92ce172785f4b3f5443837172e1e30d232f681321be0bd6 lombok-1.16.14.jar: WindowsDriveInfo-i386.dllFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/lombok-1.16.14.jar/lombok/installer/WindowsDriveInfo-i386.dllMD5: c4d7064e400a22cc9a59d2d97382b5b8SHA1: 63ac163436b8400dcc25f7d13e7a86313fd28a98SHA256: f210056ba0dfd996646b91e92f4665399b33bf4da651dea26b4888f87215ec29
Evidence Type Source Name Value Confidence Vendor file name WindowsDriveInfo-i386 High Product file name WindowsDriveInfo-i386 High Version file name WindowsDriveInfo-i386 Medium Version file version 386 Medium
lombok-1.16.14.jar: WindowsDriveInfo-x86_64.dllFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/lombok-1.16.14.jar/lombok/installer/WindowsDriveInfo-x86_64.dllMD5: cdf042a66f9681f362c365131e3c38ddSHA1: a4598a189d82ae291faead4c0eec6abf22b256beSHA256: 4897fff1914b3534f61fbba4ef7e26892b1f32b525e06f1e264bf1eaf08ce4fe
Evidence Type Source Name Value Confidence Vendor file name WindowsDriveInfo-x86_64 High Product file name WindowsDriveInfo-x86_64 High
lucene-core-6.4.1.jarDescription:
Apache Lucene Java Core File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/lucene-core-6.4.1.jarMD5: 3b2931c1a4052f9ebe75f299ff393fefSHA1: 2a18924b9e0ed86b318902cb475a0b9ca4d7be5bSHA256: 0646d5ce1b746557c8ba1d99adc0b3740f34b5b8130e87c7304dc1b686e87dd5
Evidence Type Source Name Value Confidence Vendor jar package name lucene Low Vendor Manifest extension-name org.apache.lucene Medium Vendor jar package name lucene Highest Vendor file name lucene-core High Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid lucene-parent Low Vendor jar package name apache Low Vendor central groupid org.apache.lucene Highest Vendor pom artifactid lucene-core Low Vendor pom parent-groupid org.apache.lucene Medium Vendor pom name Lucene Core High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid apache.lucene Highest Product pom parent-artifactid lucene-parent Medium Product jar package name lucene Low Product pom artifactid lucene-core Highest Product Manifest extension-name org.apache.lucene Medium Product Manifest Implementation-Title org.apache.lucene High Product jar package name lucene Highest Product file name lucene-core High Product jar package name apache Highest Product central artifactid lucene-core Highest Product Manifest specification-title Lucene Search Engine: core Medium Product pom parent-groupid org.apache.lucene Medium Product pom name Lucene Core High Product pom groupid apache.lucene Highest Product jar package name search Highest Version central version 6.4.1 Highest Version pom version 6.4.1 Highest Version file version 6.4.1 High
Related Dependencies mail-1.4.7.jarDescription:
JavaMail API (compat) License:
http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
SHA256: 78c33b4f7c7b60f4b680f2d2405b1f063d71929cf1a4fbc328888379f365fcfb
Evidence Type Source Name Value Confidence Vendor jar package name provider Highest Vendor pom name JavaMail API (compat) High Vendor pom artifactid mail Low Vendor file name mail High Vendor Manifest extension-name javax.mail Medium Vendor Manifest bundle-symbolicname javax.mail Medium Vendor jar package name mail Highest Vendor Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor pom parent-groupid com.sun.mail Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor jar (hint) package name oracle Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest (hint) specification-vendor sun Low Vendor pom groupid javax.mail Highest Vendor jar package name sun Highest Vendor jar package name javax Highest Vendor Manifest Implementation-Vendor Oracle High Vendor pom parent-artifactid all Low Product Manifest Implementation-Title javax.mail High Product jar package name provider Highest Product pom name JavaMail API (compat) High Product file name mail High Product Manifest extension-name javax.mail Medium Product Manifest Bundle-Name JavaMail API (compat) Medium Product Manifest bundle-symbolicname javax.mail Medium Product jar package name mail Highest Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product pom parent-groupid com.sun.mail Medium Product Manifest bundle-docurl http://www.oracle.com Low Product pom groupid javax.mail Highest Product jar package name sun Highest Product jar package name javax Highest Product pom artifactid mail Highest Product pom parent-artifactid all Medium Version pom version 1.4.7 Highest Version file version 1.4.7 High Version Manifest Bundle-Version 1.4.7 High Version Manifest Implementation-Version 1.4.7 High
mailapi-1.4.3.jarDescription:
JavaMail API jar License:
http://www.sun.com/cddl, https://glassfish.dev.java.net/public/CDDL+GPL.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mailapi-1.4.3.jar
MD5: de1f54df6a55c4e77258cc77b51d3828
SHA1: 124600e35d9031da50e5f67661ffa741541f8f6a
SHA256: e83be4ed248cc554e8aab7c113cf3cb81240d895349d0758545507950cd23327
Evidence Type Source Name Value Confidence Vendor jar package name provider Highest Vendor Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low Vendor Manifest extension-name javax.mail Medium Vendor jar package name mail Highest Vendor Manifest bundle-symbolicname javax.mail.api Medium Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor pom name JavaMail API jar High Vendor pom parent-groupid com.sun.mail Medium Vendor file name mailapi High Vendor Manifest bundle-docurl http://www.sun.com Low Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor jar (hint) package name oracle Highest Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor pom artifactid mailapi Low Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor pom groupid javax.mail Highest Vendor jar package name sun Highest Vendor jar package name javax Highest Vendor pom parent-artifactid all Low Product Manifest Implementation-Title javax.mail High Product jar package name provider Highest Product Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low Product Manifest extension-name javax.mail Medium Product jar package name mail Highest Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product Manifest bundle-symbolicname javax.mail.api Medium Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product pom name JavaMail API jar High Product pom parent-groupid com.sun.mail Medium Product file name mailapi High Product Manifest bundle-docurl http://www.sun.com Low Product Manifest Bundle-Name JavaMail API jar Medium Product pom groupid javax.mail Highest Product jar package name sun Highest Product pom artifactid mailapi Highest Product jar package name javax Highest Product pom parent-artifactid all Medium Version file version 1.4.3 High Version pom version 1.4.3 Highest Version Manifest Bundle-Version 1.4.3 High Version Manifest Implementation-Version 1.4.3 High
mapstruct-1.0.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mapstruct-1.0.0.Final.jarMD5: 0ede03aa7f158fcc81656081875ae632SHA1: 794bb2c7d3dd69211deb22857d92fb4c5361be3fSHA256: 145da694cfcf2230f509974d9413fddb489e07051965e60e3c10b2af44d9d6a0
Evidence Type Source Name Value Confidence Vendor file name mapstruct High Vendor pom name MapStruct Core High Vendor jar package name mapstruct Low Vendor pom parent-groupid org.mapstruct Medium Vendor jar package name mapstruct Highest Vendor pom parent-artifactid mapstruct-parent Low Vendor pom groupid mapstruct Highest Vendor pom artifactid mapstruct Low Product file name mapstruct High Product pom name MapStruct Core High Product pom parent-groupid org.mapstruct Medium Product jar package name mapstruct Highest Product pom parent-artifactid mapstruct-parent Medium Product pom groupid mapstruct Highest Product pom artifactid mapstruct Highest Version pom version 1.0.0.Final Highest
markup-document-builder-0.1.5.jarDescription:
A Markup (Markdown, AsciiDoc) document builder. License:
Apache-2.0: https://github.com/RobWin/markup-document-builder/blob/master/LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/markup-document-builder-0.1.5.jar
MD5: de8d3179418637f7f860664abb62b087
SHA1: ac23b3a2e34923ac4ad05ecd950ac18ad24f20ff
SHA256: 87129ee4e5fc2d6a36c0eec0d7fb838111a4acda7cb915839ac39bbd57c17aee
Evidence Type Source Name Value Confidence Vendor Manifest build-date 2015-11-12 Low Vendor pom url RobWin/markup-document-builder Highest Vendor jar package name github Low Vendor jar package name robwin Low Vendor Manifest build-time 10:58:29.656+0100 Low Vendor central groupid io.github.robwin Highest Vendor pom artifactid markup-document-builder Low Vendor pom groupid io.github.robwin Highest Vendor pom name markup-document-builder High Vendor file name markup-document-builder High Vendor jar package name io Low Product Manifest specification-title markup-document-builder Medium Product pom url RobWin/markup-document-builder High Product jar package name github Low Product Manifest build-time 10:58:29.656+0100 Low Product jar package name markup Low Product pom groupid io.github.robwin Highest Product pom name markup-document-builder High Product jar package name markup Highest Product Manifest build-date 2015-11-12 Low Product jar package name robwin Low Product file name markup-document-builder High Product central artifactid markup-document-builder Highest Product pom artifactid markup-document-builder Highest Product Manifest Implementation-Title markup-document-builder High Version pom version 0.1.5 Highest Version file version 0.1.5 High Version central version 0.1.5 Highest Version Manifest Implementation-Version 0.1.5 High
maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-artifact-2.2.1.jarMD5: 7b7613fd5db72967269abe7ab50b76e9SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor pom name Maven Artifact High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name artifact Highest Vendor pom artifactid maven-artifact Low Vendor pom parent-artifactid maven Low Vendor file name maven-artifact High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid apache.maven Highest Product pom artifactid maven-artifact Highest Product pom parent-groupid org.apache.maven Medium Product jar package name artifact Highest Product jar package name maven Highest Product Manifest Implementation-Title Maven Artifact High Product file name maven-artifact High Product pom parent-artifactid maven Medium Product jar package name apache Highest Product Manifest specification-title Maven Artifact Medium Product pom name Maven Artifact High Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-artifact-2.2.1.jar MD5: 7b7613fd5db72967269abe7ab50b76e9 SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8 SHA256: d53062ffe8677a4f5e1ad3a1d1fa37ed600fab39166d39be7ed204635c5f839b maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-artifact-manager-2.2.1.jarMD5: f3e76a8a83f422a900886543c48914f7SHA1: ec355b913c34d37080810f98e3f51abecbe1572bSHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor jar package name manager Highest Vendor pom artifactid maven-artifact-manager Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name artifact Highest Vendor pom parent-artifactid maven Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Maven Artifact Manager High Vendor file name maven-artifact-manager High Vendor pom groupid apache.maven Highest Product pom parent-groupid org.apache.maven Medium Product Manifest specification-title Maven Artifact Manager Medium Product jar package name maven Highest Product jar package name apache Highest Product Manifest Implementation-Title Maven Artifact Manager High Product jar package name manager Highest Product jar package name artifact Highest Product pom artifactid maven-artifact-manager Highest Product pom parent-artifactid maven Medium Product pom name Maven Artifact Manager High Product file name maven-artifact-manager High Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-artifact-manager-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-artifact-manager-2.2.1.jar MD5: f3e76a8a83f422a900886543c48914f7 SHA1: ec355b913c34d37080810f98e3f51abecbe1572b SHA256: d1e247c4ed3952385fd704ac9db2a222247cfe7d20508b4f3c76b90f857952ed maven-model-2.2.1.jarDescription:
Maven Model File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-model-2.2.1.jarMD5: b269f663e3440e40be4b696d9b7c2260SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8
Evidence Type Source Name Value Confidence Vendor file name maven-model High Vendor pom parent-groupid org.apache.maven Medium Vendor pom artifactid maven-model Low Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Maven Model High Vendor jar package name model Highest Vendor pom parent-artifactid maven Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid apache.maven Highest Product file name maven-model High Product Manifest specification-title Maven Model Medium Product pom parent-groupid org.apache.maven Medium Product jar package name maven Highest Product pom name Maven Model High Product Manifest Implementation-Title Maven Model High Product jar package name model Highest Product pom parent-artifactid maven Medium Product jar package name apache Highest Product pom artifactid maven-model Highest Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-model-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-model-2.2.1.jar MD5: b269f663e3440e40be4b696d9b7c2260 SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29 SHA256: 153b32f474fd676ec36ad807c508885005139140fc92168bb76bf6be31f8efb8 maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-plugin-api-2.2.1.jarMD5: 0ef36e831b92ac9697e0f72619910b8fSHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor pom artifactid maven-plugin-api Low Vendor jar package name maven Highest Vendor file name maven-plugin-api High Vendor jar package name plugin Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid maven Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Maven Plugin API High Vendor pom groupid apache.maven Highest Product pom parent-groupid org.apache.maven Medium Product Manifest specification-title Maven Plugin API Medium Product jar package name maven Highest Product Manifest Implementation-Title Maven Plugin API High Product file name maven-plugin-api High Product jar package name plugin Highest Product pom parent-artifactid maven Medium Product jar package name apache Highest Product pom artifactid maven-plugin-api Highest Product pom name Maven Plugin API High Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-plugin-api-2.2.1.jar MD5: 0ef36e831b92ac9697e0f72619910b8f SHA1: d60c36b60f760e0b5b87dd0c6311f93a72dc4585 SHA256: 72a47a963563009c5e8b851491ced3f63e2d276b862bde1f9d10d53abac5b22f maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-plugin-registry-2.2.1.jarMD5: 46a27ab81d327e3f5fd1d3e435fe2aadSHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfdSHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name maven Highest Vendor file name maven-plugin-registry High Vendor jar package name plugin Highest Vendor jar package name apache Highest Vendor pom artifactid maven-plugin-registry Low Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor jar package name registry Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Maven Plugin Registry Model High Vendor pom parent-artifactid maven Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid apache.maven Highest Product pom parent-groupid org.apache.maven Medium Product jar package name maven Highest Product file name maven-plugin-registry High Product jar package name plugin Highest Product jar package name apache Highest Product Manifest Implementation-Title Maven Plugin Registry Model High Product pom artifactid maven-plugin-registry Highest Product jar package name registry Highest Product Manifest specification-title Maven Plugin Registry Model Medium Product pom name Maven Plugin Registry Model High Product pom parent-artifactid maven Medium Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-plugin-registry-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-plugin-registry-2.2.1.jar MD5: 46a27ab81d327e3f5fd1d3e435fe2aad SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd SHA256: 4ad0673155d7e0e5cf6d13689802d8d507f38e5ea00a6d2fb92aef206108213d maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-profile-2.2.1.jarMD5: 53dd14e28aaad4bd5dd379dfdbf46a4cSHA1: 3950071587027e5086e9c395574a60650c432738SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor jar package name profile Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor pom name Maven Profile Model High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid maven Low Vendor file name maven-profile High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-profile Low Vendor pom groupid apache.maven Highest Product pom parent-groupid org.apache.maven Medium Product pom name Maven Profile Model High Product jar package name maven Highest Product Manifest Implementation-Title Maven Profile Model High Product pom artifactid maven-profile Highest Product Manifest specification-title Maven Profile Model Medium Product file name maven-profile High Product pom parent-artifactid maven Medium Product jar package name apache Highest Product jar package name profile Highest Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-profile-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-profile-2.2.1.jar MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c SHA1: 3950071587027e5086e9c395574a60650c432738 SHA256: ecaffef655fea6b138f0855a12f7dbb59fc0d6bffb5c1bfd31803cccb49ea08c maven-project-2.2.1.jarDescription:
This library is used to not only read Maven project object model files, but to assemble inheritence
and to retrieve remote models as required. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-project-2.2.1.jarMD5: 8f9382d7c0c120e94c2aaf8bbe817b6fSHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933fSHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name project Highest Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor file name maven-project High Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor pom artifactid maven-project Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Maven Project Builder High Vendor pom parent-artifactid maven Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid apache.maven Highest Product jar package name project Highest Product pom parent-groupid org.apache.maven Medium Product jar package name maven Highest Product pom name Maven Project Builder High Product Manifest specification-title Maven Project Builder Medium Product Manifest Implementation-Title Maven Project Builder High Product pom parent-artifactid maven Medium Product jar package name apache Highest Product file name maven-project High Product pom artifactid maven-project Highest Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-project-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-project-2.2.1.jar MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f SHA256: 24ddb65b7a6c3befb6267ce5f739f237c84eba99389265c30df67c3dd8396a40 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-reporting-api-2.2.1.jarMD5: 5e680d893d92086dffd8cc42637ceb0fSHA1: 61942e490c112f84b3a1a61572d570f369414939SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77
Evidence Type Source Name Value Confidence Vendor jar package name maven Highest Vendor pom groupid apache.maven.reporting Highest Vendor pom artifactid maven-reporting-api Low Vendor jar package name apache Highest Vendor jar package name reporting Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.reporting Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name maven-reporting-api High Vendor pom parent-artifactid maven-reporting Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Maven Reporting API High Vendor pom parent-groupid org.apache.maven.reporting Medium Product jar package name maven Highest Product pom groupid apache.maven.reporting Highest Product file name maven-reporting-api High Product pom artifactid maven-reporting-api Highest Product jar package name apache Highest Product pom name Maven Reporting API High Product jar package name reporting Highest Product Manifest specification-title Maven Reporting API Medium Product pom parent-artifactid maven-reporting Medium Product pom parent-groupid org.apache.maven.reporting Medium Product Manifest Implementation-Title Maven Reporting API High Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-api-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-reporting-api-2.2.1.jar MD5: 5e680d893d92086dffd8cc42637ceb0f SHA1: 61942e490c112f84b3a1a61572d570f369414939 SHA256: 7339e0e8cf04574e9ce484713385888ca6ac6adc578a60a8e311261537df8c77 maven-reporting-impl-2.1.jarDescription:
Abstract classes to manage report generation. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-reporting-impl-2.1.jarMD5: b8f3f33547c8ce1a67fbb793a05eb504SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897
Evidence Type Source Name Value Confidence Vendor jar package name maven Highest Vendor pom groupid apache.maven.reporting Highest Vendor jar package name apache Highest Vendor jar package name reporting Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.reporting Medium Vendor pom name Maven Reporting Implementation High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid maven-reporting-impl Low Vendor pom parent-groupid org.apache.maven.shared Medium Vendor pom parent-artifactid maven-shared-components Low Vendor file name maven-reporting-impl High Vendor Manifest specification-vendor The Apache Software Foundation Low Product jar package name maven Highest Product pom groupid apache.maven.reporting Highest Product pom parent-groupid org.apache.maven.shared Medium Product pom parent-artifactid maven-shared-components Medium Product file name maven-reporting-impl High Product Manifest Implementation-Title Maven Reporting Implementation High Product jar package name apache Highest Product pom artifactid maven-reporting-impl Highest Product jar package name reporting Highest Product Manifest specification-title Maven Reporting Implementation Medium Product pom name Maven Reporting Implementation High Version pom parent-version 2.1 Low Version file version 2.1 High Version pom version 2.1 Highest Version Manifest Implementation-Version 2.1 High
Related Dependencies maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-reporting-impl-2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-reporting-impl-2.1.jar MD5: b8f3f33547c8ce1a67fbb793a05eb504 SHA1: 898da3a82a8dee7ce1d8a6e1d24efcc52ba28383 SHA256: 20185834514c2d99ea336aecb5c61017702b4dd837ede46234e7a957f70cb897 maven-repository-metadata-2.2.1.jarDescription:
Per-directory repository metadata. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-repository-metadata-2.2.1.jarMD5: c426b243119831168af2fbd767254f59SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name maven Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name maven-repository-metadata High Vendor pom artifactid maven-repository-metadata Low Vendor pom parent-artifactid maven Low Vendor jar package name repository Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Maven Repository Metadata Model High Vendor pom groupid apache.maven Highest Product pom parent-groupid org.apache.maven Medium Product jar package name maven Highest Product pom artifactid maven-repository-metadata Highest Product file name maven-repository-metadata High Product jar package name repository Highest Product Manifest Implementation-Title Maven Repository Metadata Model High Product pom parent-artifactid maven Medium Product jar package name apache Highest Product pom name Maven Repository Metadata Model High Product Manifest specification-title Maven Repository Metadata Model Medium Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-repository-metadata-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-repository-metadata-2.2.1.jar MD5: c426b243119831168af2fbd767254f59 SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06 SHA256: 5fe283f47b0e7f7d95a4252af3fa7a0db4d8f080cd9df308608c0472b8f168a1 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-settings-2.2.1.jarMD5: 7c3dcffd55434a860339dba78f0c165aSHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven Medium Vendor jar package name maven Highest Vendor pom artifactid maven-settings Low Vendor file name maven-settings High Vendor jar package name settings Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid maven Low Vendor pom name Maven Local Settings Model High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid apache.maven Highest Product pom parent-groupid org.apache.maven Medium Product jar package name maven Highest Product file name maven-settings High Product jar package name settings Highest Product pom artifactid maven-settings Highest Product pom name Maven Local Settings Model High Product pom parent-artifactid maven Medium Product Manifest Implementation-Title Maven Local Settings Model High Product jar package name apache Highest Product Manifest specification-title Maven Local Settings Model Medium Product pom groupid apache.maven Highest Version pom version 2.2.1 Highest Version file version 2.2.1 High Version Manifest Implementation-Version 2.2.1 High
Related Dependencies maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-settings-2.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-settings-2.2.1.jar MD5: 7c3dcffd55434a860339dba78f0c165a SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294 SHA256: 9a9f556713a404e770c9dbdaed7eb086078014c989291960c76fdde6db4192f7 maven-shared-io-1.1.jarDescription:
API for I/O support like logging, download or file scanning. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/maven-shared-io-1.1.jarMD5: fe668f50b2c0edc8707609f792ca4036SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240fSHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b
Evidence Type Source Name Value Confidence Vendor file name maven-shared-io High Vendor jar package name shared Highest Vendor pom artifactid maven-shared-io Low Vendor jar package name maven Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.shared Medium Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name io Highest Vendor pom groupid apache.maven.shared Highest Vendor pom parent-groupid org.apache.maven.shared Medium Vendor pom name Maven Shared I/O API High Vendor pom parent-artifactid maven-shared-components Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product file name maven-shared-io High Product jar package name shared Highest Product jar package name maven Highest Product pom artifactid maven-shared-io Highest Product pom parent-artifactid maven-shared-components Medium Product jar package name apache Highest Product Manifest Implementation-Title Maven Shared I/O API High Product Manifest specification-title Maven Shared I/O API Medium Product jar package name io Highest Product pom groupid apache.maven.shared Highest Product pom parent-groupid org.apache.maven.shared Medium Product pom name Maven Shared I/O API High Version Manifest Implementation-Version 1.1 High Version file version 1.1 High Version pom parent-version 1.1 Low Version pom version 1.1 Highest
Related Dependencies maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b maven-shared-io-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/maven-shared-io-1.1.jar MD5: fe668f50b2c0edc8707609f792ca4036 SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f SHA256: 10c0b971d692d2e3026aec6c49cbb12ddee4214e2a727603d1d309779ca2a62b mockito-core-1.10.19.jarDescription:
Mock objects library for java License:
The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/mockito-core-1.10.19.jar
MD5: c1967f0a515c4b8155f62478ec823464
SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe
SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8
Evidence Type Source Name Value Confidence Vendor file name mockito-core High Vendor pom groupid mockito Highest Vendor pom name Mockito High Vendor jar package name core Highest Vendor pom artifactid mockito-core Low Vendor Manifest bundle-symbolicname org.mockito.mockito-core Medium Vendor central groupid org.mockito Highest Vendor jar package name mockito Highest Vendor jar package name mockito Low Vendor pom url http://www.mockito.org Highest Product pom url http://www.mockito.org Medium Product Manifest Bundle-Name Mockito Mock Library for Java. Core bundle requires Hamcrest-core and Objenesis. Medium Product jar package name and Highest Product file name mockito-core High Product pom artifactid mockito-core Highest Product central artifactid mockito-core Highest Product pom groupid mockito Highest Product pom name Mockito High Product jar package name core Highest Product Manifest bundle-symbolicname org.mockito.mockito-core Medium Product jar package name mockito Highest Version central version 1.10.19 Highest Version Manifest Bundle-Version 1.10.19 High Version pom version 1.10.19 Highest Version file version 1.10.19 High
Related Dependencies mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 mockito-core-1.10.19.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/mockito-core-1.10.19.jar MD5: c1967f0a515c4b8155f62478ec823464 SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe SHA256: d5831ee4f71055800821a34a3051cf1ed5b3702f295ffebd50f65fb5d81a71b8 msg-simple-1.1.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/msg-simple-1.1.jar
MD5: b0d8d70468edff2e223b3d2f07cc5de1
SHA1: f261263e13dd4cfa93cc6b83f1f58f619097a2c4
SHA256: c3c5add3971a9a7f1868beb7607780d73f36bb611c7505de01f1baf49ab4ff75
Evidence Type Source Name Value Confidence Vendor central groupid com.github.fge Highest Vendor pom artifactid msg-simple Low Vendor jar package name github Low Vendor pom url fge/msg-simple Highest Vendor jar package name msgsimple Low Vendor Manifest bundle-symbolicname com.github.fge.msg-simple Medium Vendor jar package name github Highest Vendor jar package name fge Low Vendor pom groupid github.fge Highest Vendor pom name null High Vendor file name msg-simple High Vendor jar package name fge Highest Product central artifactid msg-simple Highest Product jar package name msgsimple Low Product Manifest bundle-symbolicname com.github.fge.msg-simple Medium Product jar package name github Highest Product pom url fge/msg-simple High Product jar package name fge Low Product pom groupid github.fge Highest Product pom artifactid msg-simple Highest Product pom name null High Product Manifest Bundle-Name msg-simple Medium Product file name msg-simple High Product jar package name fge Highest Version Manifest Bundle-Version 1.1 High Version file version 1.1 High Version pom version 1.1 Highest Version central version 1.1 Highest
mybatis-3.4.0.jarDescription:
The MyBatis SQL mapper framework makes it easier to use a relational database with object-oriented
applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or
annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping
tools.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mybatis-3.4.0.jar
MD5: 02e20b3546b5e2e3896c5b34a546bf78
SHA1: 1b37a54d8ab403e56cb3ed717c25193474efa226
SHA256: 4dd9e2d44934b6bb0f52b0a31abc10c41b4b51496a7f724d2929b9428de8c578
Evidence Type Source Name Value Confidence Vendor jar package name mapping Highest Vendor pom groupid mybatis Highest Vendor Manifest bundle-docurl http://www.mybatis.org/mybatis-3 Low Vendor jar package name mapper Highest Vendor pom name mybatis High Vendor Manifest implementation-build-date 2016-04-17 17:43:25+0000 Low Vendor Manifest Implementation-Vendor-Id org.mybatis Medium Vendor pom url http://www.mybatis.org/mybatis-3 Highest Vendor jar package name tools Highest Vendor Manifest Implementation-Vendor MyBatis.org High Vendor Manifest implementation-url http://www.mybatis.org/mybatis-3 Low Vendor pom parent-artifactid mybatis-parent Low Vendor pom artifactid mybatis Low Vendor file name mybatis High Vendor Manifest specification-vendor MyBatis.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name xml Highest Vendor Manifest bundle-symbolicname org.mybatis.mybatis Medium Vendor pom parent-groupid org.mybatis Medium Vendor jar package name annotations Highest Vendor jar package name sql Highest Product jar package name mapping Highest Product pom groupid mybatis Highest Product Manifest bundle-docurl http://www.mybatis.org/mybatis-3 Low Product Manifest Bundle-Name mybatis Medium Product jar package name mapper Highest Product pom name mybatis High Product pom url http://www.mybatis.org/mybatis-3 Medium Product Manifest specification-title mybatis Medium Product Manifest implementation-build-date 2016-04-17 17:43:25+0000 Low Product Manifest Implementation-Title mybatis High Product pom parent-artifactid mybatis-parent Medium Product jar package name tools Highest Product Manifest implementation-url http://www.mybatis.org/mybatis-3 Low Product file name mybatis High Product pom artifactid mybatis Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name xml Highest Product Manifest bundle-symbolicname org.mybatis.mybatis Medium Product jar package name annotations Highest Product pom parent-groupid org.mybatis Medium Product jar package name sql Highest Version Manifest Bundle-Version 3.4.0 High Version file version 3.4.0 High Version Manifest Implementation-Version 3.4.0 High Version pom version 3.4.0 Highest Version pom parent-version 3.4.0 Low
Related Dependencies mybatis-3.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mybatis-3.4.0.jar MD5: 02e20b3546b5e2e3896c5b34a546bf78 SHA1: 1b37a54d8ab403e56cb3ed717c25193474efa226 SHA256: 4dd9e2d44934b6bb0f52b0a31abc10c41b4b51496a7f724d2929b9428de8c578 mybatis-3.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mybatis-3.4.0.jar MD5: 02e20b3546b5e2e3896c5b34a546bf78 SHA1: 1b37a54d8ab403e56cb3ed717c25193474efa226 SHA256: 4dd9e2d44934b6bb0f52b0a31abc10c41b4b51496a7f724d2929b9428de8c578 mybatis-3.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mybatis-3.4.0.jar MD5: 02e20b3546b5e2e3896c5b34a546bf78 SHA1: 1b37a54d8ab403e56cb3ed717c25193474efa226 SHA256: 4dd9e2d44934b6bb0f52b0a31abc10c41b4b51496a7f724d2929b9428de8c578 mybatis-3.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mybatis-3.4.0.jar MD5: 02e20b3546b5e2e3896c5b34a546bf78 SHA1: 1b37a54d8ab403e56cb3ed717c25193474efa226 SHA256: 4dd9e2d44934b6bb0f52b0a31abc10c41b4b51496a7f724d2929b9428de8c578 mybatis-3.4.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mybatis-3.4.0.jar MD5: 02e20b3546b5e2e3896c5b34a546bf78 SHA1: 1b37a54d8ab403e56cb3ed717c25193474efa226 SHA256: 4dd9e2d44934b6bb0f52b0a31abc10c41b4b51496a7f724d2929b9428de8c578 Published Vulnerabilities CVE-2020-26945 suppress
MyBatis before 3.5.6 mishandles deserialization of object streams. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
mybatis-3.4.0.jar (shaded: ognl:ognl:3.1.2)Description:
OGNL - Object Graph Navigation Library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mybatis-3.4.0.jar/META-INF/maven/ognl/ognl/pom.xml
MD5: d2daa0ea875b2beedeba225ecf0a48dc
SHA1: e42cec9d349c070552bec0672630bd3440632f54
SHA256: 9b2bbb26394725d7f817488801d65cdb34e18898a12764d5185d3735434eb2db
Evidence Type Source Name Value Confidence Vendor pom groupid ognl Highest Vendor pom organization url http://www.opensymphony.com Medium Vendor pom artifactid ognl Low Vendor pom organization name OpenSymphony High Vendor pom url http://ognl.org Highest Vendor pom name OGNL - Object Graph Navigation Library High Product pom groupid ognl Highest Product pom organization name OpenSymphony Low Product pom organization url http://www.opensymphony.com Low Product pom url http://ognl.org Medium Product pom artifactid ognl Highest Product pom name OGNL - Object Graph Navigation Library High Version pom version 3.1.2 Highest
mybatis-3.4.0.jar (shaded: org.javassist:javassist:3.20.0-GA)Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mybatis-3.4.0.jar/META-INF/maven/org.javassist/javassist/pom.xml
MD5: 22f71cba1b0b5b0e42c350a587426b9a
SHA1: 9f7a4893d0a08a4ccf3bc59ea61b075035ef429d
SHA256: c588a6571150b118a5cdf0ed9255756abb66c8a5ceda62693fe1d718d983e7f3
Evidence Type Source Name Value Confidence Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom artifactid javassist Low Vendor pom name Javassist High Vendor pom groupid javassist Highest Vendor pom url http://www.javassist.org/ Highest Product pom artifactid javassist Highest Product pom name Javassist High Product pom url http://www.javassist.org/ Medium Product pom organization name Shigeru Chiba, www.javassist.org Low Product pom groupid javassist Highest Version pom version 3.20.0-GA Highest
mybatis-spring-1.3.0.jarDescription:
An easy-to-use Spring bridge for MyBatis sql mapping framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mybatis-spring-1.3.0.jar
MD5: 10cfdab260d2bfdb7c38b5d050c17a99
SHA1: d1dbdc46cac543447ffd5aeda59f1a9bb34f0912
SHA256: 04884c0b66600180fb759a12cae280ab68ae996f09f5c63db296ad1e1e445bbe
Evidence Type Source Name Value Confidence Vendor pom groupid mybatis Highest Vendor pom name mybatis-spring High Vendor Manifest Implementation-Vendor-Id org.mybatis Medium Vendor Manifest implementation-url http://www.mybatis.org/spring/ Low Vendor Manifest Implementation-Vendor MyBatis.org High Vendor pom url http://www.mybatis.org/spring/ Highest Vendor pom parent-artifactid mybatis-parent Low Vendor Manifest bundle-symbolicname org.mybatis.mybatis-spring Medium Vendor jar package name spring Highest Vendor file name mybatis-spring High Vendor Manifest specification-vendor MyBatis.org Low Vendor pom artifactid mybatis-spring Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest implementation-build-date 2016-04-17 23:12:13+0000 Low Vendor Manifest bundle-docurl http://www.mybatis.org/spring/ Low Vendor jar package name mybatis Highest Vendor pom parent-groupid org.mybatis Medium Product pom groupid mybatis Highest Product pom artifactid mybatis-spring Highest Product pom name mybatis-spring High Product pom parent-artifactid mybatis-parent Medium Product Manifest implementation-url http://www.mybatis.org/spring/ Low Product pom url http://www.mybatis.org/spring/ Medium Product Manifest specification-title mybatis-spring Medium Product Manifest Implementation-Title mybatis-spring High Product Manifest bundle-symbolicname org.mybatis.mybatis-spring Medium Product jar package name spring Highest Product Manifest Bundle-Name mybatis-spring Medium Product file name mybatis-spring High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest implementation-build-date 2016-04-17 23:12:13+0000 Low Product Manifest bundle-docurl http://www.mybatis.org/spring/ Low Product jar package name mybatis Highest Product pom parent-groupid org.mybatis Medium Version Manifest Bundle-Version 1.3.0 High Version pom version 1.3.0 Highest Version pom parent-version 1.3.0 Low Version file version 1.3.0 High Version Manifest Implementation-Version 1.3.0 High
Related Dependencies mybatis-spring-1.3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mybatis-spring-1.3.0.jar MD5: 10cfdab260d2bfdb7c38b5d050c17a99 SHA1: d1dbdc46cac543447ffd5aeda59f1a9bb34f0912 SHA256: 04884c0b66600180fb759a12cae280ab68ae996f09f5c63db296ad1e1e445bbe mybatis-spring-1.3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mybatis-spring-1.3.0.jar MD5: 10cfdab260d2bfdb7c38b5d050c17a99 SHA1: d1dbdc46cac543447ffd5aeda59f1a9bb34f0912 SHA256: 04884c0b66600180fb759a12cae280ab68ae996f09f5c63db296ad1e1e445bbe mybatis-spring-1.3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mybatis-spring-1.3.0.jar MD5: 10cfdab260d2bfdb7c38b5d050c17a99 SHA1: d1dbdc46cac543447ffd5aeda59f1a9bb34f0912 SHA256: 04884c0b66600180fb759a12cae280ab68ae996f09f5c63db296ad1e1e445bbe mybatis-spring-1.3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mybatis-spring-1.3.0.jar MD5: 10cfdab260d2bfdb7c38b5d050c17a99 SHA1: d1dbdc46cac543447ffd5aeda59f1a9bb34f0912 SHA256: 04884c0b66600180fb759a12cae280ab68ae996f09f5c63db296ad1e1e445bbe mybatis-spring-1.3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mybatis-spring-1.3.0.jar MD5: 10cfdab260d2bfdb7c38b5d050c17a99 SHA1: d1dbdc46cac543447ffd5aeda59f1a9bb34f0912 SHA256: 04884c0b66600180fb759a12cae280ab68ae996f09f5c63db296ad1e1e445bbe Published Vulnerabilities CVE-2020-26945 suppress
MyBatis before 3.5.6 mishandles deserialization of object streams. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
mybatis-spring-boot-starter-1.1.1.jarDescription:
Spring Boot Support for MyBatis License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mybatis-spring-boot-starter-1.1.1.jar
MD5: b8a9687cd54b952d306bd935d76df4b6
SHA1: d0f14dd5e6cee6adc3d2bfee4c0a879dced80552
SHA256: 4e8bcdcb321cc849fc478598529b85e6c1c2caa4064d6838e588b85d8d23010f
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.mybatis.spring.boot Medium Vendor Manifest implementation-build-date 2016-04-19 00:19:48+0000 Low Vendor pom parent-artifactid mybatis-spring-boot Low Vendor file name mybatis-spring-boot-starter High Vendor Manifest bundle-symbolicname org.mybatis.spring.boot.mybatis-spring-boot-starter Medium Vendor Manifest bundle-docurl http://github.com/mybatis/spring-boot-starter/mybatis-spring-boot-starter/ Low Vendor pom name mybatis-spring-boot-starter High Vendor Manifest Implementation-Vendor MyBatis.org High Vendor pom artifactid mybatis-spring-boot-starter Low Vendor Manifest Implementation-Vendor-Id org.mybatis.spring.boot Medium Vendor Manifest specification-vendor MyBatis.org Low Vendor Manifest implementation-url http://github.com/mybatis/spring-boot-starter/mybatis-spring-boot-starter/ Low Vendor pom groupid mybatis.spring.boot Highest Product pom parent-groupid org.mybatis.spring.boot Medium Product Manifest implementation-build-date 2016-04-19 00:19:48+0000 Low Product file name mybatis-spring-boot-starter High Product pom artifactid mybatis-spring-boot-starter Highest Product Manifest Implementation-Title mybatis-spring-boot-starter High Product Manifest bundle-symbolicname org.mybatis.spring.boot.mybatis-spring-boot-starter Medium Product Manifest bundle-docurl http://github.com/mybatis/spring-boot-starter/mybatis-spring-boot-starter/ Low Product pom name mybatis-spring-boot-starter High Product pom parent-artifactid mybatis-spring-boot Medium Product Manifest specification-title mybatis-spring-boot-starter Medium Product Manifest Bundle-Name mybatis-spring-boot-starter Medium Product Manifest implementation-url http://github.com/mybatis/spring-boot-starter/mybatis-spring-boot-starter/ Low Product pom groupid mybatis.spring.boot Highest Version Manifest Implementation-Version 1.1.1 High Version Manifest Bundle-Version 1.1.1 High Version file version 1.1.1 High Version pom version 1.1.1 Highest
Related Dependencies mybatis-spring-boot-starter-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mybatis-spring-boot-starter-1.1.1.jar MD5: b8a9687cd54b952d306bd935d76df4b6 SHA1: d0f14dd5e6cee6adc3d2bfee4c0a879dced80552 SHA256: 4e8bcdcb321cc849fc478598529b85e6c1c2caa4064d6838e588b85d8d23010f mybatis-spring-boot-starter-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mybatis-spring-boot-starter-1.1.1.jar MD5: b8a9687cd54b952d306bd935d76df4b6 SHA1: d0f14dd5e6cee6adc3d2bfee4c0a879dced80552 SHA256: 4e8bcdcb321cc849fc478598529b85e6c1c2caa4064d6838e588b85d8d23010f mybatis-spring-boot-autoconfigure-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mybatis-spring-boot-autoconfigure-1.1.1.jar MD5: 61350752dbf6f5f0916bf9d930c98f9c SHA1: c7b01dca4aa80ec04c5dacf0348bb8c6ef40e9ce SHA256: f1f81b9eb797bba6eb3dcdecab260970c762fba53db55c9d69e34860a272314d mybatis-spring-boot-starter-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mybatis-spring-boot-starter-1.1.1.jar MD5: b8a9687cd54b952d306bd935d76df4b6 SHA1: d0f14dd5e6cee6adc3d2bfee4c0a879dced80552 SHA256: 4e8bcdcb321cc849fc478598529b85e6c1c2caa4064d6838e588b85d8d23010f mybatis-spring-boot-autoconfigure-1.1.1.jar mybatis-spring-boot-starter-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mybatis-spring-boot-starter-1.1.1.jar MD5: b8a9687cd54b952d306bd935d76df4b6 SHA1: d0f14dd5e6cee6adc3d2bfee4c0a879dced80552 SHA256: 4e8bcdcb321cc849fc478598529b85e6c1c2caa4064d6838e588b85d8d23010f mybatis-spring-boot-autoconfigure-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mybatis-spring-boot-autoconfigure-1.1.1.jar MD5: 61350752dbf6f5f0916bf9d930c98f9c SHA1: c7b01dca4aa80ec04c5dacf0348bb8c6ef40e9ce SHA256: f1f81b9eb797bba6eb3dcdecab260970c762fba53db55c9d69e34860a272314d mybatis-spring-boot-autoconfigure-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mybatis-spring-boot-autoconfigure-1.1.1.jar MD5: 61350752dbf6f5f0916bf9d930c98f9c SHA1: c7b01dca4aa80ec04c5dacf0348bb8c6ef40e9ce SHA256: f1f81b9eb797bba6eb3dcdecab260970c762fba53db55c9d69e34860a272314d mybatis-spring-boot-autoconfigure-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mybatis-spring-boot-autoconfigure-1.1.1.jar MD5: 61350752dbf6f5f0916bf9d930c98f9c SHA1: c7b01dca4aa80ec04c5dacf0348bb8c6ef40e9ce SHA256: f1f81b9eb797bba6eb3dcdecab260970c762fba53db55c9d69e34860a272314d mybatis-spring-boot-starter-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mybatis-spring-boot-starter-1.1.1.jar MD5: b8a9687cd54b952d306bd935d76df4b6 SHA1: d0f14dd5e6cee6adc3d2bfee4c0a879dced80552 SHA256: 4e8bcdcb321cc849fc478598529b85e6c1c2caa4064d6838e588b85d8d23010f mybatis-spring-boot-autoconfigure-1.1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mybatis-spring-boot-autoconfigure-1.1.1.jar MD5: 61350752dbf6f5f0916bf9d930c98f9c SHA1: c7b01dca4aa80ec04c5dacf0348bb8c6ef40e9ce SHA256: f1f81b9eb797bba6eb3dcdecab260970c762fba53db55c9d69e34860a272314d Published Vulnerabilities CVE-2020-26945 suppress
MyBatis before 3.5.6 mishandles deserialization of object streams. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
mybatis-typehandlers-jsr310-1.0.1.jarDescription:
MyBatis Type Handlers supporting JSR-310 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mybatis-typehandlers-jsr310-1.0.1.jar
MD5: 2243e0493faa7cf28c10e2edddd25df5
SHA1: 82bf69b93e4d2403c144041a1e67d4df9aa1a2a0
SHA256: ebc5950b5dd909e76677c52c1003b4a3714c72f26c90081eb8b66f1750f0c6bb
Evidence Type Source Name Value Confidence Vendor pom groupid mybatis Highest Vendor file name mybatis-typehandlers-jsr310 High Vendor Manifest bundle-docurl https://github.com/mybatis/typehandlers-jsr310 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom name mybatis-typehandlers-jsr310 High Vendor jar package name type Highest Vendor pom url mybatis/typehandlers-jsr310 Highest Vendor Manifest bundle-symbolicname org.mybatis.mybatis-typehandlers-jsr310 Medium Vendor Manifest Implementation-Vendor-Id org.mybatis Medium Vendor Manifest Implementation-Vendor MyBatis.org High Vendor Manifest implementation-url https://github.com/mybatis/typehandlers-jsr310 Low Vendor Manifest implementation-build-date 2016-06-25 18:45:18+0000 Low Vendor pom parent-artifactid mybatis-parent Low Vendor pom artifactid mybatis-typehandlers-jsr310 Low Vendor Manifest specification-vendor MyBatis.org Low Vendor pom parent-groupid org.mybatis Medium Product pom artifactid mybatis-typehandlers-jsr310 Highest Product pom groupid mybatis Highest Product file name mybatis-typehandlers-jsr310 High Product Manifest bundle-docurl https://github.com/mybatis/typehandlers-jsr310 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom name mybatis-typehandlers-jsr310 High Product jar package name type Highest Product pom parent-artifactid mybatis-parent Medium Product Manifest bundle-symbolicname org.mybatis.mybatis-typehandlers-jsr310 Medium Product Manifest specification-title mybatis-typehandlers-jsr310 Medium Product Manifest implementation-url https://github.com/mybatis/typehandlers-jsr310 Low Product Manifest implementation-build-date 2016-06-25 18:45:18+0000 Low Product Manifest Bundle-Name mybatis-typehandlers-jsr310 Medium Product Manifest Implementation-Title mybatis-typehandlers-jsr310 High Product pom url mybatis/typehandlers-jsr310 High Product pom parent-groupid org.mybatis Medium Version pom version 1.0.1 Highest Version pom parent-version 1.0.1 Low Version Manifest Bundle-Version 1.0.1 High Version file version 1.0.1 High Version Manifest Implementation-Version 1.0.1 High
Related Dependencies mybatis-typehandlers-jsr310-1.0.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mybatis-typehandlers-jsr310-1.0.1.jar MD5: 2243e0493faa7cf28c10e2edddd25df5 SHA1: 82bf69b93e4d2403c144041a1e67d4df9aa1a2a0 SHA256: ebc5950b5dd909e76677c52c1003b4a3714c72f26c90081eb8b66f1750f0c6bb mybatis-typehandlers-jsr310-1.0.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mybatis-typehandlers-jsr310-1.0.1.jar MD5: 2243e0493faa7cf28c10e2edddd25df5 SHA1: 82bf69b93e4d2403c144041a1e67d4df9aa1a2a0 SHA256: ebc5950b5dd909e76677c52c1003b4a3714c72f26c90081eb8b66f1750f0c6bb mybatis-typehandlers-jsr310-1.0.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mybatis-typehandlers-jsr310-1.0.1.jar MD5: 2243e0493faa7cf28c10e2edddd25df5 SHA1: 82bf69b93e4d2403c144041a1e67d4df9aa1a2a0 SHA256: ebc5950b5dd909e76677c52c1003b4a3714c72f26c90081eb8b66f1750f0c6bb mybatis-typehandlers-jsr310-1.0.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mybatis-typehandlers-jsr310-1.0.1.jar MD5: 2243e0493faa7cf28c10e2edddd25df5 SHA1: 82bf69b93e4d2403c144041a1e67d4df9aa1a2a0 SHA256: ebc5950b5dd909e76677c52c1003b4a3714c72f26c90081eb8b66f1750f0c6bb mybatis-typehandlers-jsr310-1.0.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mybatis-typehandlers-jsr310-1.0.1.jar MD5: 2243e0493faa7cf28c10e2edddd25df5 SHA1: 82bf69b93e4d2403c144041a1e67d4df9aa1a2a0 SHA256: ebc5950b5dd909e76677c52c1003b4a3714c72f26c90081eb8b66f1750f0c6bb Published Vulnerabilities CVE-2020-26945 suppress
MyBatis before 3.5.6 mishandles deserialization of object streams. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
mysql-connector-java-5.1.41.jarDescription:
MySQL JDBC Type 4 driver License:
The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/mysql-connector-java-5.1.41.jar
MD5: eb844eb8920b73aebe8b89d06a6a648b
SHA1: b0878056f15616989144d6114d36d3942321d0d1
SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37
Evidence Type Source Name Value Confidence Vendor pom artifactid mysql-connector-java Low Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Vendor file name mysql-connector-java High Vendor jar package name jdbc Low Vendor pom name MySQL Connector/J High Vendor Manifest bundle-symbolicname com.mysql.jdbc Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor jar package name mysql Highest Vendor pom organization url http://www.oracle.com Medium Vendor hint analyzer vendor oracle Highest Vendor pom groupid mysql Highest Vendor central groupid mysql Highest Vendor jar package name mysql Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor jar package name jdbc Highest Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor Manifest Implementation-Vendor Oracle High Vendor pom organization name Oracle Corporation High Vendor hint analyzer (hint) vendor sun Highest Product jar package name driver Highest Product file name mysql-connector-java High Product pom organization url http://www.oracle.com Low Product jar package name jdbc Low Product pom name MySQL Connector/J High Product central artifactid mysql-connector-java Highest Product Manifest bundle-symbolicname com.mysql.jdbc Medium Product Manifest Bundle-Name Oracle Corporation's JDBC Driver for MySQL Medium Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Product jar package name mysql Highest Product hint analyzer product mysql_connector/j Highest Product pom groupid mysql Highest Product pom organization name Oracle Corporation Low Product hint analyzer product mysql_connectors Highest Product hint analyzer product mysql_connector_j Highest Product Manifest Implementation-Title MySQL Connector Java High Product Manifest specification-title JDBC Medium Product pom artifactid mysql-connector-java Highest Product jar package name jdbc Highest Version Manifest Bundle-Version 5.1.41 High Version Manifest Implementation-Version 5.1.41 High Version file version 5.1.41 High Version central version 5.1.41 Highest Version pom version 5.1.41 Highest
Related Dependencies mysql-connector-java-5.1.41.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/mysql-connector-java-5.1.41.jar MD5: eb844eb8920b73aebe8b89d06a6a648b SHA1: b0878056f15616989144d6114d36d3942321d0d1 SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37 mysql-connector-java-5.1.41.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/mysql-connector-java-5.1.41.jar MD5: eb844eb8920b73aebe8b89d06a6a648b SHA1: b0878056f15616989144d6114d36d3942321d0d1 SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37 mysql-connector-java-5.1.41.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/mysql-connector-java-5.1.41.jar MD5: eb844eb8920b73aebe8b89d06a6a648b SHA1: b0878056f15616989144d6114d36d3942321d0d1 SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37 mysql-connector-java-5.1.41.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/mysql-connector-java-5.1.41.jar MD5: eb844eb8920b73aebe8b89d06a6a648b SHA1: b0878056f15616989144d6114d36d3942321d0d1 SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37 mysql-connector-java-5.1.41.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/mysql-connector-java-5.1.41.jar MD5: eb844eb8920b73aebe8b89d06a6a648b SHA1: b0878056f15616989144d6114d36d3942321d0d1 SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37 mysql-connector-java-5.1.41.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/mysql-connector-java-5.1.41.jar MD5: eb844eb8920b73aebe8b89d06a6a648b SHA1: b0878056f15616989144d6114d36d3942321d0d1 SHA256: 627c8d6a4956ae905f5445b0dc0d18ecbf88213cee089c998fcf5ced92a9da37 Published Vulnerabilities CVE-2017-15945 suppress
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: HIGH (7.2) Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (7.8) Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2017-3589 suppress
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions:
CVE-2018-3258 suppress
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
CVE-2019-2692 suppress
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:L/AC:H/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: MEDIUM (6.3) Vector: /AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
CVE-2020-2875 suppress
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.7) Vector: /AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-2933 suppress
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: LOW (2.2) Vector: /AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L References:
Vulnerable Software & Versions:
CVE-2020-2934 suppress
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions: (show all )
nacos-api-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-api-1.2.0.jarMD5: 86b5c3725f5e1ba5a0cdb65a7c3e2377SHA1: 2fb594921572afe45a01d89326c1eb757c659c72SHA256: 79c1e7900ca5d4f745736bc65960293ba733b7b61ab8bf3f7828ba41c4940d7d
Evidence Type Source Name Value Confidence Vendor jar package name alibaba Highest Vendor jar package name api Low Vendor jar package name nacos Highest Vendor jar package name nacos Low Vendor pom parent-artifactid nacos-all Low Vendor jar package name api Highest Vendor pom name nacos-api ${project.version} High Vendor pom parent-groupid com.alibaba.nacos Medium Vendor file name nacos-api High Vendor pom groupid alibaba.nacos Highest Vendor pom artifactid nacos-api Low Vendor jar package name alibaba Low Vendor pom url http://maven.apache.org Highest Product jar package name alibaba Highest Product pom parent-artifactid nacos-all Medium Product jar package name api Low Product jar package name nacos Highest Product jar package name nacos Low Product pom artifactid nacos-api Highest Product jar package name api Highest Product pom name nacos-api ${project.version} High Product pom url http://maven.apache.org Medium Product pom parent-groupid com.alibaba.nacos Medium Product file name nacos-api High Product pom groupid alibaba.nacos Highest Version file version 1.2.0 High Version pom version 1.2.0 Highest
Related Dependencies nacos-common-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-common-1.2.0.jar MD5: 220664284903d18e63ff24ba7655a6d4 SHA1: 91249d3d17b3d7d8190903104c75aeabbdbc1003 SHA256: f593d7a79a28c126a6813323b145e405376ed09afc3ef55bd8b009b35d5e20c8 pkg:maven/com.alibaba.nacos/nacos-common@1.2.0 nacos-client-1.2.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-client-1.2.0.jar MD5: 06f936704b302805d48d24143d224645 SHA1: 6a24b831fba0a4a4130d221743c36b0563774c3e SHA256: 954c22c4932cb8ab6967a4c3b7acd533ae4a1b94e43dbbfbe12469141ee07eee pkg:maven/com.alibaba.nacos/nacos-client@1.2.0 nacos-spring-boot-base-0.1.7.jarDescription:
Nacos Spring Boot Base File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-spring-boot-base-0.1.7.jarMD5: 26b8138b1f155fc8e426b7e81f9c35e4SHA1: 793712b1e7beee522193463db299e927274be0c2SHA256: f133f7f7a52287f62d562b4ba42f087a80e03ff587b287ce108313c1dd3b91fd
Evidence Type Source Name Value Confidence Vendor jar package name alibaba Highest Vendor pom parent-groupid com.alibaba.boot Medium Vendor pom name Nacos Spring Boot Base High Vendor pom groupid alibaba.boot Highest Vendor pom artifactid nacos-spring-boot-base Low Vendor pom parent-artifactid nacos-spring-boot-parent Low Vendor Manifest implementation-url https://github.com/nacos-group/nacos-spring-project/nacos-spring-boot-parent/nacos-spring-boot-base Low Vendor jar package name nacos Highest Vendor file name nacos-spring-boot-base High Vendor jar package name boot Highest Vendor Manifest Implementation-Vendor-Id com.alibaba.boot Medium Vendor Manifest Implementation-Vendor High Vendor Manifest specification-vendor Low Product jar package name alibaba Highest Product pom parent-groupid com.alibaba.boot Medium Product pom name Nacos Spring Boot Base High Product pom groupid alibaba.boot Highest Product Manifest specification-title Nacos Spring Boot Base Medium Product jar package name nacos Highest Product Manifest implementation-url https://github.com/nacos-group/nacos-spring-project/nacos-spring-boot-parent/nacos-spring-boot-base Low Product file name nacos-spring-boot-base High Product Manifest Implementation-Title Nacos Spring Boot Base High Product pom artifactid nacos-spring-boot-base Highest Product jar package name boot Highest Product pom parent-artifactid nacos-spring-boot-parent Medium Version file version 0.1.7 High Version pom version 0.1.7 Highest Version Manifest Implementation-Version 0.1.7 High
Related Dependencies nacos-config-spring-boot-autoconfigure-0.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-config-spring-boot-autoconfigure-0.1.7.jar MD5: 0f9fe4a2854b583f55bbb7cb2d11fd4c SHA1: 360a57b317e5f0e03931b2d8ef65db0fcef15259 SHA256: 2042533d47f57c5966d7fab452ac3d68fa81c85b80c8a27d092352a8ec1277de pkg:maven/com.alibaba.boot/nacos-config-spring-boot-autoconfigure@0.1.7 nacos-config-spring-boot-starter-0.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-config-spring-boot-starter-0.1.7.jar MD5: d5dff381ce22313ead9ea7bd1bdff273 SHA1: 64b162d08f2b604b03847584686703586425d397 SHA256: c51a668cdb0a412cf12a8cffc5b30b9408a461933249fbd3370504f5721af677 pkg:maven/com.alibaba.boot/nacos-config-spring-boot-starter@0.1.7 nacos-spring-context-0.3.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/nacos-spring-context-0.3.6.jarMD5: 3cd7fe609f3df78b517d559920a83cfcSHA1: 8f4675fc4408a1d18cb1d60680621157a055ba8bSHA256: 1063503f0c1008b55027efed7146eb6aac2a48d5515e5b001f483b36e4e355fd
Evidence Type Source Name Value Confidence Vendor jar package name alibaba Highest Vendor jar package name context Highest Vendor file name nacos-spring-context High Vendor jar package name spring Low Vendor pom artifactid nacos-spring-context Low Vendor pom parent-artifactid nacos-spring-parent Low Vendor jar package name nacos Highest Vendor jar package name nacos Low Vendor pom name Alibaba Nacos :: Spring :: Context High Vendor pom parent-groupid com.alibaba.nacos Medium Vendor pom groupid alibaba.nacos Highest Vendor jar package name spring Highest Vendor jar package name alibaba Low Product jar package name alibaba Highest Product jar package name context Highest Product file name nacos-spring-context High Product jar package name spring Low Product jar package name nacos Highest Product jar package name nacos Low Product pom name Alibaba Nacos :: Spring :: Context High Product pom parent-groupid com.alibaba.nacos Medium Product pom artifactid nacos-spring-context Highest Product pom groupid alibaba.nacos Highest Product jar package name spring Highest Product pom parent-artifactid nacos-spring-parent Medium Version file version 0.3.6 High Version pom version 0.3.6 Highest
netflix-commons-util-0.1.1.jarDescription:
netflix-commons-util developed by Netflix License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/netflix-commons-util-0.1.1.jar
MD5: 39797b7f8b2dfb710f79f21be1b68e3f
SHA1: 39e67061780476f207b31465baaed84a91ff659f
SHA256: 3b5336df78667d56d84e8fef0910188ede7a08aa81788e05378266a30477d28b
Evidence Type Source Name Value Confidence Vendor pom groupid netflix.netflix-commons Highest Vendor jar package name netflix Low Vendor pom artifactid netflix-commons-util Low Vendor central groupid com.netflix.netflix-commons Highest Vendor pom name netflix-commons-util High Vendor pom url Netflix/netflix-commons Highest Vendor jar package name util Low Vendor file name netflix-commons-util High Product pom groupid netflix.netflix-commons Highest Product pom name netflix-commons-util High Product central artifactid netflix-commons-util Highest Product jar package name util Low Product pom url Netflix/netflix-commons High Product file name netflix-commons-util High Product pom artifactid netflix-commons-util Highest Version pom version 0.1.1 Highest Version central version 0.1.1 Highest Version file version 0.1.1 High
netty-3.10.6.Final.jarDescription:
The Netty project is an effort to provide an asynchronous event-driven
network application framework and tools for rapid development of
maintainable high performance and high scalability protocol servers and
clients. In other words, Netty is a NIO client server framework which
enables quick and easy development of network applications such as protocol
servers and clients. It greatly simplifies and streamlines network
programming such as TCP and UDP socket server.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/netty-3.10.6.Final.jar
MD5: e9cdf01138257f48d796fb2cf67af53e
SHA1: 18ed04a0e502896552854926e908509db2987a00
SHA256: 8768a50fbe3d93a88d8e6000ea5d68e30f50dc915b3764c3c5870f70c4fb3b49
Evidence Type Source Name Value Confidence Vendor pom artifactid netty Low Vendor Manifest eclipse-buddypolicy registered Low Vendor pom organization url http://netty.io/ Medium Vendor file name netty High Vendor pom organization name The Netty Project High Vendor jar package name jboss Highest Vendor Manifest bundle-docurl http://netty.io/ Low Vendor Manifest bundle-buddypolicy registered Low Vendor pom name Netty High Vendor pom groupid io.netty Highest Vendor pom url http://netty.io/ Highest Vendor jar package name netty Highest Vendor Manifest bundle-symbolicname org.jboss.netty Medium Product Manifest eclipse-buddypolicy registered Low Product file name netty High Product jar package name socket Highest Product pom artifactid netty Highest Product jar package name jboss Highest Product Manifest bundle-docurl http://netty.io/ Low Product Manifest bundle-buddypolicy registered Low Product pom name Netty High Product pom url http://netty.io/ Medium Product pom organization name The Netty Project Low Product pom groupid io.netty Highest Product jar package name netty Highest Product pom organization url http://netty.io/ Low Product Manifest bundle-symbolicname org.jboss.netty Medium Product Manifest Bundle-Name Netty Medium Version Manifest Bundle-Version 3.10.6.Final High Version pom version 3.10.6.Final Highest
Related Dependencies netty-3.10.6.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/netty-3.10.6.Final.jar MD5: e9cdf01138257f48d796fb2cf67af53e SHA1: 18ed04a0e502896552854926e908509db2987a00 SHA256: 8768a50fbe3d93a88d8e6000ea5d68e30f50dc915b3764c3c5870f70c4fb3b49 netty-3.10.6.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/netty-3.10.6.Final.jar MD5: e9cdf01138257f48d796fb2cf67af53e SHA1: 18ed04a0e502896552854926e908509db2987a00 SHA256: 8768a50fbe3d93a88d8e6000ea5d68e30f50dc915b3764c3c5870f70c4fb3b49 Published Vulnerabilities CVE-2019-16869 suppress
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
BUGTRAQ - 20200105 [SECURITY] [DSA 4597-1] netty security update DEBIAN - DSA-4597 MISC - https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final MISC - https://github.com/netty/netty/issues/9571 MLIST - [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 MLIST - [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5 MLIST - [cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities MLIST - [cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6 MLIST - [debian-lts-announce] 20190930 [SECURITY] [DLA 1941-1] netty security update MLIST - [debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update MLIST - [debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities MLIST - [druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [olingo-dev] 20191206 [jira] [Assigned] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Created] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191209 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [spark-issues] 20191219 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191219 [jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191219 [jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Reopened] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [tinkerpop-commits] 20191022 [tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR MLIST - [zookeeper-commits] 20191003 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869 MLIST - [zookeeper-commits] 20191003 [zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869 MLIST - [zookeeper-commits] 20191003 [zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869 MLIST - [zookeeper-dev] 20190930 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 MLIST - [zookeeper-dev] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869 MLIST - [zookeeper-dev] 20191001 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 MLIST - [zookeeper-dev] 20191002 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 MLIST - [zookeeper-issues] 20190930 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869 MLIST - [zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869 MLIST - [zookeeper-issues] 20191001 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20191003 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20191008 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20191008 [jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty OSSINDEX - [CVE-2019-16869] Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers... REDHAT - RHSA-2019:3892 REDHAT - RHSA-2019:3901 REDHAT - RHSA-2020:0159 REDHAT - RHSA-2020:0160 REDHAT - RHSA-2020:0161 REDHAT - RHSA-2020:0164 REDHAT - RHSA-2020:0445 UBUNTU - USN-4532-1 Vulnerable Software & Versions:
CVE-2019-20444 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
FEDORA - FEDORA-2020-66b5f85ccc MISC - https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final MISC - https://github.com/netty/netty/issues/9866 MISC - https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E MLIST - [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image MLIST - [cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities MLIST - [cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6 MLIST - [debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update MLIST - [debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update MLIST - [debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update MLIST - [debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update MLIST - [druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12 MLIST - [geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39 MLIST - [zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java8 #38 MLIST - [zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361 MLIST - [zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 OSSINDEX - [CVE-2019-20444] HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a... REDHAT - RHSA-2020:0497 REDHAT - RHSA-2020:0567 REDHAT - RHSA-2020:0601 REDHAT - RHSA-2020:0605 REDHAT - RHSA-2020:0606 REDHAT - RHSA-2020:0804 REDHAT - RHSA-2020:0805 REDHAT - RHSA-2020:0806 REDHAT - RHSA-2020:0811 UBUNTU - USN-4532-1 Vulnerable Software & Versions:
CVE-2019-20445 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
netty-common-4.1.7.Final.jar (shaded: org.jctools:jctools-core:1.2.1)Description:
Java Concurrency Tools Core Library License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/netty-common-4.1.7.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: b104e807eab8c5ec728e4440814b4e86
SHA1: 890d905133422e4be5df7cffa81e7dd9c5336d7e
SHA256: 12444dc7be1ea1e1b5361f4bb9fb9ae04197b64846c3ce915b363cfafbcdf8d9
Evidence Type Source Name Value Confidence Vendor pom groupid jctools Highest Vendor pom artifactid jctools-core Low Vendor pom name Java Concurrency Tools Core Library High Vendor pom url JCTools Highest Product pom groupid jctools Highest Product pom name Java Concurrency Tools Core Library High Product pom artifactid jctools-core Highest Product pom url JCTools High Version pom version 1.2.1 Highest
netty-transport-4.1.7.Final.jarDescription:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/netty-transport-4.1.7.Final.jar
MD5: fd8ef33a8196b1bd528c855b0cec77e2
SHA1: 469e86d4dda1dca8b88d2b1faa8e0f078243ba12
SHA256: 5c6aaaa855a1ef42885f99cd3ea602f523ef0fe172fda26f1ac693d35abb251b
Evidence Type Source Name Value Confidence Vendor pom artifactid netty-transport Low Vendor file name netty-transport High Vendor pom parent-artifactid netty-parent Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest implementation-url http://netty.io/netty-transport/ Low Vendor Manifest bundle-docurl http://netty.io/ Low Vendor jar package name io Highest Vendor pom groupid io.netty Highest Vendor Manifest bundle-symbolicname io.netty.transport Medium Vendor jar package name netty Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor pom name Netty/Transport High Product file name netty-transport High Product Manifest Bundle-Name Netty/Transport Medium Product Manifest implementation-url http://netty.io/netty-transport/ Low Product Manifest bundle-docurl http://netty.io/ Low Product Manifest Implementation-Title Netty/Transport High Product jar package name io Highest Product pom artifactid netty-transport Highest Product pom groupid io.netty Highest Product pom parent-artifactid netty-parent Medium Product Manifest bundle-symbolicname io.netty.transport Medium Product jar package name netty Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom name Netty/Transport High Version pom version 4.1.7.Final Highest Version Manifest Implementation-Version 4.1.7.Final High Version Manifest Bundle-Version 4.1.7.Final High
Related Dependencies Published Vulnerabilities CVE-2019-16869 suppress
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
BUGTRAQ - 20200105 [SECURITY] [DSA 4597-1] netty security update DEBIAN - DSA-4597 MISC - https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final MISC - https://github.com/netty/netty/issues/9571 MLIST - [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 MLIST - [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5 MLIST - [cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities MLIST - [cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6 MLIST - [debian-lts-announce] 20190930 [SECURITY] [DLA 1941-1] netty security update MLIST - [debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update MLIST - [debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities MLIST - [druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [olingo-dev] 20191206 [jira] [Assigned] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Created] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191206 [jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191209 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty MLIST - [spark-issues] 20191219 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191219 [jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191219 [jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Reopened] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [spark-issues] 20191220 [jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 MLIST - [tinkerpop-commits] 20191022 [tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR MLIST - [zookeeper-commits] 20191003 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869 MLIST - [zookeeper-commits] 20191003 [zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869 MLIST - [zookeeper-commits] 20191003 [zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869 MLIST - [zookeeper-dev] 20190930 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 MLIST - [zookeeper-dev] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869 MLIST - [zookeeper-dev] 20191001 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 MLIST - [zookeeper-dev] 20191002 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 MLIST - [zookeeper-issues] 20190930 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869 MLIST - [zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869 MLIST - [zookeeper-issues] 20191001 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20191003 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20191008 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty MLIST - [zookeeper-issues] 20191008 [jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty REDHAT - RHSA-2019:3892 REDHAT - RHSA-2019:3901 REDHAT - RHSA-2020:0159 REDHAT - RHSA-2020:0160 REDHAT - RHSA-2020:0161 REDHAT - RHSA-2020:0164 REDHAT - RHSA-2020:0445 UBUNTU - USN-4532-1 Vulnerable Software & Versions:
CVE-2019-20444 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
FEDORA - FEDORA-2020-66b5f85ccc MISC - https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final MISC - https://github.com/netty/netty/issues/9866 MISC - https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E MISC - https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E MLIST - [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image MLIST - [cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities MLIST - [cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6 MLIST - [debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update MLIST - [debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update MLIST - [debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update MLIST - [debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update MLIST - [druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 MLIST - [flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink MLIST - [geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12 MLIST - [geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, MLIST - [hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 MLIST - [zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39 MLIST - [zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java8 #38 MLIST - [zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361 MLIST - [zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 MLIST - [zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 REDHAT - RHSA-2020:0497 REDHAT - RHSA-2020:0567 REDHAT - RHSA-2020:0601 REDHAT - RHSA-2020:0605 REDHAT - RHSA-2020:0606 REDHAT - RHSA-2020:0804 REDHAT - RHSA-2020:0805 REDHAT - RHSA-2020:0806 REDHAT - RHSA-2020:0811 UBUNTU - USN-4532-1 Vulnerable Software & Versions:
CVE-2019-20445 suppress
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2020-11612 suppress
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
objenesis-2.5.1.jarDescription:
A library for instantiating Java objects License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/objenesis-2.5.1.jar
MD5: 84b9e3191629e53abbb05a92c683c617
SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4
SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.objenesis Medium Vendor pom artifactid objenesis Low Vendor jar package name instantiator Low Vendor file name objenesis High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor jar package name objenesis Highest Vendor jar package name objenesis Low Vendor pom parent-artifactid objenesis-parent Low Vendor Manifest specification-vendor Joe Walnes, Henri Tremblay, Leonardo Mesquita Low Vendor Manifest implementation-url http://objenesis.org Low Vendor central groupid org.objenesis Highest Vendor pom name Objenesis High Vendor pom groupid objenesis Highest Vendor pom url http://objenesis.org Highest Vendor Manifest Implementation-Vendor Joe Walnes, Henri Tremblay, Leonardo Mesquita High Vendor Manifest bundle-symbolicname org.objenesis Medium Vendor pom parent-groupid org.objenesis Medium Product pom url http://objenesis.org Medium Product pom parent-artifactid objenesis-parent Medium Product Manifest specification-title Objenesis Medium Product central artifactid objenesis Highest Product Manifest Implementation-Title Objenesis High Product jar package name instantiator Low Product file name objenesis High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest Bundle-Name Objenesis Medium Product jar package name objenesis Highest Product Manifest implementation-url http://objenesis.org Low Product pom artifactid objenesis Highest Product pom name Objenesis High Product pom groupid objenesis Highest Product Manifest bundle-symbolicname org.objenesis Medium Product pom parent-groupid org.objenesis Medium Version Manifest Implementation-Version 2.5.1 High Version Manifest Bundle-Version 2.5.1 High Version file version 2.5.1 High Version pom version 2.5.1 Highest Version central version 2.5.1 Highest
Related Dependencies objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 objenesis-2.5.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/objenesis-2.5.1.jar MD5: 84b9e3191629e53abbb05a92c683c617 SHA1: 272bab9a4e5994757044d1fc43ce480c8cb907a4 SHA256: b043f03e466752f7f03e2326a3b13a49b7c649f8f2a2dc87715827e24f73d9c6 org.apache.oltu.oauth2.common-1.0.2.jarDescription:
OAuth 2.0 library - Common License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/org.apache.oltu.oauth2.common-1.0.2.jar
MD5: 48d5e8f17d2f292b32788d2b98b1aebd
SHA1: a82fff95276f4c6feadc7993670e659076e43260
SHA256: 5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968
Evidence Type Source Name Value Confidence Vendor pom groupid apache.oltu.oauth2 Highest Vendor pom parent-groupid org.apache.oltu.oauth2 Medium Vendor pom parent-artifactid org.apache.oltu.oauth2.parent Low Vendor jar package name oauth2 Highest Vendor pom artifactid apache.oltu.oauth2.common Low Vendor jar package name apache Highest Vendor Manifest bundle-docurl https://oltu.apache.org/org.apache.oltu.oauth2.parent/org.apache.oltu.oauth2.common/ Low Vendor jar package name oltu Highest Vendor Manifest implementation-build tags/org.apache.oltu.oauth2.parent-1.0.2/common@r1740515 Low Vendor file name org.apache.oltu.oauth2.common High Vendor Manifest implementation-build-date 2016-04-22 13:07:39+0000 Low Vendor Manifest bundle-symbolicname org.apache.oltu.oauth2.common Medium Vendor jar package name common Highest Vendor pom name Apache Oltu - OAuth 2.0 - Common High Product pom artifactid apache.oltu.oauth2.common Highest Product pom groupid apache.oltu.oauth2 Highest Product pom parent-groupid org.apache.oltu.oauth2 Medium Product jar package name oauth2 Highest Product jar package name apache Highest Product pom parent-artifactid org.apache.oltu.oauth2.parent Medium Product Manifest bundle-docurl https://oltu.apache.org/org.apache.oltu.oauth2.parent/org.apache.oltu.oauth2.common/ Low Product jar package name oltu Highest Product Manifest Bundle-Name Apache Oltu - OAuth 2.0 - Common Medium Product Manifest implementation-build tags/org.apache.oltu.oauth2.parent-1.0.2/common@r1740515 Low Product file name org.apache.oltu.oauth2.common High Product Manifest implementation-build-date 2016-04-22 13:07:39+0000 Low Product jar package name common Highest Product Manifest bundle-symbolicname org.apache.oltu.oauth2.common Medium Product pom name Apache Oltu - OAuth 2.0 - Common High Version Manifest Bundle-Version 1.0.2 High Version pom version 1.0.2 Highest Version file version 1.0.2 High
Related Dependencies org.apache.oltu.oauth2.common-1.0.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/org.apache.oltu.oauth2.common-1.0.2.jar MD5: 48d5e8f17d2f292b32788d2b98b1aebd SHA1: a82fff95276f4c6feadc7993670e659076e43260 SHA256: 5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968 org.apache.oltu.oauth2.common-1.0.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/org.apache.oltu.oauth2.common-1.0.2.jar MD5: 48d5e8f17d2f292b32788d2b98b1aebd SHA1: a82fff95276f4c6feadc7993670e659076e43260 SHA256: 5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968 org.apache.oltu.oauth2.common-1.0.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/org.apache.oltu.oauth2.common-1.0.2.jar MD5: 48d5e8f17d2f292b32788d2b98b1aebd SHA1: a82fff95276f4c6feadc7993670e659076e43260 SHA256: 5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968 org.apache.oltu.oauth2.common-1.0.2.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/org.apache.oltu.oauth2.common-1.0.2.jar MD5: 48d5e8f17d2f292b32788d2b98b1aebd SHA1: a82fff95276f4c6feadc7993670e659076e43260 SHA256: 5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968 org.jacoco.agent-0.7.9-runtime.jarDescription:
JaCoCo Agent File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/org.jacoco.agent-0.7.9-runtime.jarMD5: 13f8627b85a0049e046bf04e6ea91103SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cffSHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e
Evidence Type Source Name Value Confidence Vendor jar package name agent Low Vendor jar package name jacoco Low Vendor pom parent-artifactid org.jacoco.build Low Vendor pom groupid jacoco Highest Vendor Manifest Implementation-Vendor Mountainminds GmbH & Co. KG High Vendor jar package name rt Low Vendor central groupid org.jacoco Highest Vendor pom parent-groupid org.jacoco Medium Vendor pom artifactid jacoco.agent Low Vendor file name org.jacoco.agent High Vendor pom name JaCoCo :: Agent High Product Manifest Implementation-Title JaCoCo Java Agent High Product jar package name internal_8ff85ea Low Product pom parent-groupid org.jacoco Medium Product jar package name agent Low Product pom artifactid jacoco.agent Highest Product pom groupid jacoco Highest Product pom parent-artifactid org.jacoco.build Medium Product jar package name agent Highest Product jar package name rt Low Product central artifactid org.jacoco.agent Highest Product file name org.jacoco.agent High Product jar package name jacoco Highest Product pom name JaCoCo :: Agent High Version central version 0.7.9 Highest Version pom version 0.7.9 Highest Version Manifest Implementation-Version 0.7.9 High Version file version 0.7.9 High
Related Dependencies org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/org.jacoco.agent-0.7.9-runtime.jar MD5: 13f8627b85a0049e046bf04e6ea91103 SHA1: a6ac9cca89d889222a40dab9dd5039bfd22a4cff SHA256: 44238878b1e6e7d36c698019430018c18baec9b344e9e223bf75c37c8f84d74e org.jacoco.agent-0.7.9-runtime.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.7.9)Description:
JaCoCo Java Agent File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/org.jacoco.agent-0.7.9-runtime.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xmlMD5: 4c617355517b3a9d0ff9ddbbfaa6abe9SHA1: 13374d463bfd0a532384db1651a64d34c2c9e3b5SHA256: 3ba57d0575b693a8d3bd6376e32de00653cd67e6b98119225e4e06cfb238a185
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid org.jacoco.build Low Vendor pom groupid jacoco Highest Vendor pom name JaCoCo :: Agent RT High Vendor pom parent-groupid org.jacoco Medium Vendor pom artifactid jacoco.agent.rt Low Product pom groupid jacoco Highest Product pom parent-artifactid org.jacoco.build Medium Product pom artifactid jacoco.agent.rt Highest Product pom name JaCoCo :: Agent RT High Product pom parent-groupid org.jacoco Medium Version pom version 0.7.9 Highest
org.jacoco.core-0.7.9.jarDescription:
JaCoCo Core License:
http://www.eclipse.org/legal/epl-v10.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/org.jacoco.core-0.7.9.jar
MD5: b31bf7ed1a27f2edeac6c525be96079b
SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef
SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid org.jacoco.build Low Vendor Manifest bundle-symbolicname org.jacoco.core Medium Vendor pom groupid jacoco Highest Vendor file name org.jacoco.core High Vendor jar package name core Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid jacoco.core Low Vendor pom parent-groupid org.jacoco Medium Vendor pom name JaCoCo :: Core High Vendor jar package name jacoco Highest Product jar package name core Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom parent-groupid org.jacoco Medium Product pom artifactid jacoco.core Highest Product pom name JaCoCo :: Core High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.jacoco.core Medium Product Manifest Bundle-Name JaCoCo Core Medium Product pom groupid jacoco Highest Product file name org.jacoco.core High Product pom parent-artifactid org.jacoco.build Medium Product jar package name jacoco Highest Version pom version 0.7.9 Highest Version file version 0.7.9 High
Related Dependencies org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.core-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/org.jacoco.core-0.7.9.jar MD5: b31bf7ed1a27f2edeac6c525be96079b SHA1: 66215826a684eb6866d4c14a5a4f9c344f1d1eef SHA256: f594db9a0da20141857d0f38630e17f5e01fe2d4010290dab44402860d44ffb3 org.jacoco.report-0.7.9.jarDescription:
JaCoCo Report License:
http://www.eclipse.org/legal/epl-v10.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/org.jacoco.report-0.7.9.jar
MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee
SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10
SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4
Evidence Type Source Name Value Confidence Vendor pom artifactid jacoco.report Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid org.jacoco.build Low Vendor Manifest bundle-symbolicname org.jacoco.report Medium Vendor jar package name report Highest Vendor file name org.jacoco.report High Vendor pom groupid jacoco Highest Vendor pom name JaCoCo :: Report High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom parent-groupid org.jacoco Medium Vendor jar package name jacoco Highest Product Manifest bundle-symbolicname org.jacoco.report Medium Product jar package name report Highest Product Manifest Bundle-Name JaCoCo Report Medium Product file name org.jacoco.report High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom parent-groupid org.jacoco Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom groupid jacoco Highest Product pom parent-artifactid org.jacoco.build Medium Product pom artifactid jacoco.report Highest Product pom name JaCoCo :: Report High Product jar package name jacoco Highest Version pom version 0.7.9 Highest Version file version 0.7.9 High
Related Dependencies org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/org.jacoco.report-0.7.9.jar MD5: 1e8ad08dcf16518d31cb91a8b8fe60ee SHA1: 8a7f78fdf2a4e58762890d8e896a9298c2980c10 SHA256: 8d0be46e1170d205cd243c958be4680a85c8228030365e1846c7f53e6199b8c4 org.jacoco.report-0.7.9.jar: prettify.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/org.jacoco.report-0.7.9.jar/org/jacoco/report/internal/html/resources/prettify.jsMD5: ca542347ebfb8350ece6bbc956c219a4SHA1: 7b53b64816f5eda1b77f8a2830bdb828f8318a90SHA256: 36d605c47018e0360ee889093d97f8976676a48792c8aca09599a04c79ed2cdd
Evidence Type Source Name Value Confidence
org.jacoco.report-0.7.9.jar: sort.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/org.jacoco.report-0.7.9.jar/org/jacoco/report/internal/html/resources/sort.jsMD5: 7e539dae31978a007458774819294478SHA1: 87e3613e2cb4ffe8f0ffd903c5974085faffdc5eSHA256: 794d2579d4adb28c3d4ccf9d9b0410ce01d58ff9f8b1956fb8beddc8417b09c0
Evidence Type Source Name Value Confidence
oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/oro-2.0.8.jarMD5: 42e940d5d2d822f4dc04c65053e630abSHA1: 5592374f834645c4ae250f4c9fbb314c9369d698SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Evidence Type Source Name Value Confidence Vendor central groupid oro Highest Vendor jar package name apache Low Vendor pom groupid oro Highest Vendor jar package name oro Low Vendor pom artifactid oro Low Vendor file name oro High Vendor jar package name apache Highest Vendor jar package name text Low Vendor manifest: org/apache/oro Implementation-Vendor Apache Software Foundation Medium Product jar package name oro Highest Product central artifactid oro Highest Product pom artifactid oro Highest Product pom groupid oro Highest Product jar package name oro Low Product file name oro High Product jar package name apache Highest Product jar package name text Low Product manifest: org/apache/oro Implementation-Title org.apache.oro Medium Product manifest: org/apache/oro Specification-Title Jakarta ORO Medium Version pom version 2.0.8 Highest Version file version 2.0.8 High Version central version 2.0.8 Highest
Related Dependencies oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e oro-2.0.8.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e pagehelper-4.1.6.jarDescription:
Mybatis Pagination Plugin License:
The MIT License (MIT): https://github.com/pagehelper/Mybatis-PageHelper/blob/master/LICENSE File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/pagehelper-4.1.6.jar
MD5: 65717b86fb5d71757fe6d73d2d5e71ba
SHA1: 48eb74110c115b01f4fe8d184845247eb0d22b0f
SHA256: c162bf2671adf72629c00ee6537b97a181b196d888d936967a494b87cfa41b08
Evidence Type Source Name Value Confidence Vendor pom url pagehelper/Mybatis-PageHelper Highest Vendor jar package name pagehelper Highest Vendor jar package name github Low Vendor pom groupid github.pagehelper Highest Vendor pom artifactid pagehelper Low Vendor pom name pagehelper High Vendor jar package name pagehelper Low Vendor jar package name github Highest Vendor file name pagehelper High Product pom artifactid pagehelper Highest Product pom url pagehelper/Mybatis-PageHelper High Product jar package name pagehelper Highest Product pom groupid github.pagehelper Highest Product pom name pagehelper High Product jar package name pagehelper Low Product jar package name github Highest Product jar package name parser Low Product file name pagehelper High Version file version 4.1.6 High Version pom version 4.1.6 Highest
Related Dependencies pagehelper-4.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/pagehelper-4.1.6.jar MD5: 65717b86fb5d71757fe6d73d2d5e71ba SHA1: 48eb74110c115b01f4fe8d184845247eb0d22b0f SHA256: c162bf2671adf72629c00ee6537b97a181b196d888d936967a494b87cfa41b08 pagehelper-4.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/pagehelper-4.1.6.jar MD5: 65717b86fb5d71757fe6d73d2d5e71ba SHA1: 48eb74110c115b01f4fe8d184845247eb0d22b0f SHA256: c162bf2671adf72629c00ee6537b97a181b196d888d936967a494b87cfa41b08 pagehelper-4.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/pagehelper-4.1.6.jar MD5: 65717b86fb5d71757fe6d73d2d5e71ba SHA1: 48eb74110c115b01f4fe8d184845247eb0d22b0f SHA256: c162bf2671adf72629c00ee6537b97a181b196d888d936967a494b87cfa41b08 pagehelper-4.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/pagehelper-4.1.6.jar MD5: 65717b86fb5d71757fe6d73d2d5e71ba SHA1: 48eb74110c115b01f4fe8d184845247eb0d22b0f SHA256: c162bf2671adf72629c00ee6537b97a181b196d888d936967a494b87cfa41b08 pagehelper-4.1.6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/pagehelper-4.1.6.jar MD5: 65717b86fb5d71757fe6d73d2d5e71ba SHA1: 48eb74110c115b01f4fe8d184845247eb0d22b0f SHA256: c162bf2671adf72629c00ee6537b97a181b196d888d936967a494b87cfa41b08 percolator-client-5.2.1.jarDescription:
Percolator module adds capability to index queries and query these queries by specifying documents License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/percolator-client-5.2.1.jar
MD5: 772c245620afbd9dcc79a88caab76392
SHA1: faadefcc39f4208e3ddc9a8e104de6fec8ccb966
SHA256: 5bfa856f53834458f93ee54bc8af5bb9ba1b6b82a274f25a9a6cdc5d1b03b3f7
Evidence Type Source Name Value Confidence Vendor file name percolator-client High Vendor Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Vendor central groupid org.codelibs.elasticsearch.module High Vendor pom artifactid percolator-client Low Vendor pom name percolator High Vendor pom groupid codelibs.elasticsearch.module Highest Vendor Manifest module-origin elastic/elasticsearch.git Low Vendor Manifest module-source /modules/percolator Low Vendor pom url elastic/elasticsearch Highest Vendor Manifest built-status integration Low Vendor Manifest build-date 2017-02-09T22:07:05.684Z Low Vendor Manifest change db0d481 Low Vendor jar package name elasticsearch Low Vendor pom artifactid percolator Low Vendor Manifest built-os Linux Low Vendor central groupid org.elasticsearch.plugin High Vendor jar package name percolator Low Vendor pom url codelibs/elasticsearch-module Highest Vendor pom groupid elasticsearch.plugin Highest Vendor Manifest x-compile-elasticsearch-snapshot false Low Product file name percolator-client High Product Manifest Implementation-Title org.elasticsearch.plugin#percolator;5.2.1 High Product Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Product pom url elastic/elasticsearch High Product pom name percolator High Product central artifactid percolator-client High Product central artifactid percolator High Product pom groupid codelibs.elasticsearch.module Highest Product pom artifactid percolator Highest Product Manifest module-origin elastic/elasticsearch.git Low Product Manifest module-source /modules/percolator Low Product pom artifactid percolator-client Highest Product jar package name elasticsearch Highest Product Manifest built-status integration Low Product Manifest build-date 2017-02-09T22:07:05.684Z Low Product Manifest change db0d481 Low Product pom url codelibs/elasticsearch-module High Product Manifest built-os Linux Low Product jar package name percolator Highest Product jar package name percolator Low Product pom groupid elasticsearch.plugin Highest Product Manifest x-compile-elasticsearch-snapshot false Low Version pom version 5.2.1 Highest Version central version 5.2.1 High Version Manifest Implementation-Version 5.2.1 High Version Manifest x-compile-elasticsearch-version 5.2.1 Medium Version file version 5.2.1 High
Related Dependencies percolator-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/percolator-client-5.2.1.jar MD5: 772c245620afbd9dcc79a88caab76392 SHA1: faadefcc39f4208e3ddc9a8e104de6fec8ccb966 SHA256: 5bfa856f53834458f93ee54bc8af5bb9ba1b6b82a274f25a9a6cdc5d1b03b3f7 percolator-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/percolator-client-5.2.1.jar MD5: 772c245620afbd9dcc79a88caab76392 SHA1: faadefcc39f4208e3ddc9a8e104de6fec8ccb966 SHA256: 5bfa856f53834458f93ee54bc8af5bb9ba1b6b82a274f25a9a6cdc5d1b03b3f7 Published Vulnerabilities CVE-2019-7611 suppress
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-7614 suppress
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-7019 suppress
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. CWE-269 Improper Privilege Management
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jarMD5: 99533a9d3e0fa3280cd0bd3426c5f99bSHA1: 94aea3010e250a334d9dab7f591114cd6c767458SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf
Evidence Type Source Name Value Confidence Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor pom artifactid plexus-container-default Low Vendor pom parent-groupid org.codehaus.plexus Medium Vendor file name plexus-container-default High Vendor pom groupid codehaus.plexus Highest Vendor jar package name plexus Low Vendor jar package name codehaus Low Vendor pom name Default Plexus Container High Vendor pom parent-artifactid plexus-containers Low Vendor jar package name component Low Product jar package name codehaus Highest Product jar package name plexus Highest Product pom parent-groupid org.codehaus.plexus Medium Product file name plexus-container-default High Product pom parent-artifactid plexus-containers Medium Product pom groupid codehaus.plexus Highest Product jar package name plexus Low Product pom artifactid plexus-container-default Highest Product pom name Default Plexus Container High Product jar package name component Low Version pom parent-version 1.0-alpha-9-stable-1 Low Version pom version 1.0-alpha-9-stable-1 Highest
Related Dependencies plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/plexus-container-default-1.0-alpha-9-stable-1.jar MD5: 99533a9d3e0fa3280cd0bd3426c5f99b SHA1: 94aea3010e250a334d9dab7f591114cd6c767458 SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/plexus-i18n-1.0-beta-7.jarMD5: 65d4f673bd0c49dbc67e020e96b00753SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9
Evidence Type Source Name Value Confidence Vendor file name plexus-i18n High Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom artifactid plexus-i18n Low Vendor pom groupid codehaus.plexus Highest Vendor jar package name plexus Low Vendor pom name Plexus I18N Component High Vendor jar package name i18n Highest Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor jar package name i18n Low Vendor pom parent-artifactid plexus-components Low Vendor jar package name codehaus Low Product jar package name codehaus Highest Product jar package name plexus Highest Product file name plexus-i18n High Product pom parent-groupid org.codehaus.plexus Medium Product jar package name i18n Low Product pom groupid codehaus.plexus Highest Product jar package name plexus Low Product pom artifactid plexus-i18n Highest Product pom parent-artifactid plexus-components Medium Product pom name Plexus I18N Component High Product jar package name i18n Highest Version pom version 1.0-beta-7 Highest Version pom parent-version 1.0-beta-7 Low
Related Dependencies plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-i18n-1.0-beta-7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/plexus-i18n-1.0-beta-7.jar MD5: 65d4f673bd0c49dbc67e020e96b00753 SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57 SHA256: fff07392dc6b29ef90c435ab004671a715f0aa36653e53b44c358eb842ce67d9 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/plexus-interpolation-1.11.jarMD5: d5ef768cef9a261d569ff1f672324154SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom groupid codehaus.plexus Highest Vendor jar package name plexus Low Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor pom name Plexus Interpolation API High Vendor pom parent-artifactid plexus-components Low Vendor pom artifactid plexus-interpolation Low Vendor jar package name codehaus Low Vendor file name plexus-interpolation High Vendor jar package name interpolation Highest Vendor jar package name interpolation Low Product jar package name codehaus Highest Product jar package name plexus Highest Product pom parent-groupid org.codehaus.plexus Medium Product pom name Plexus Interpolation API High Product pom artifactid plexus-interpolation Highest Product pom groupid codehaus.plexus Highest Product jar package name plexus Low Product pom parent-artifactid plexus-components Medium Product file name plexus-interpolation High Product jar package name interpolation Highest Product jar package name interpolation Low Version file version 1.11 High Version pom parent-version 1.11 Low Version pom version 1.11 Highest
Related Dependencies plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-interpolation-1.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/plexus-interpolation-1.11.jar MD5: d5ef768cef9a261d569ff1f672324154 SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7 SHA256: fd9507feb858fa620d1b4aa4b7039fdea1a77e09d3fd28cfbddfff468d9d8c28 plexus-utils-3.0.22.jarDescription:
A collection of various utility classes to ease working with strings, files, command lines, XML and
more.
File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/plexus-utils-3.0.22.jarMD5: 2a32677a099da7c5b9b2b39c066f2cc6SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92fSHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab
Evidence Type Source Name Value Confidence Vendor pom url http://plexus.codehaus.org/plexus-utils Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom groupid codehaus.plexus Highest Vendor jar package name plexus Low Vendor pom parent-artifactid plexus Low Vendor jar package name util Low Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor file name plexus-utils High Vendor jar package name codehaus Low Vendor pom artifactid plexus-utils Low Vendor pom name Plexus Common Utilities High Vendor jar package name xml Highest Product pom parent-groupid org.codehaus.plexus Medium Product pom groupid codehaus.plexus Highest Product jar package name plexus Low Product pom url http://plexus.codehaus.org/plexus-utils Medium Product jar package name util Low Product jar package name codehaus Highest Product jar package name plexus Highest Product pom artifactid plexus-utils Highest Product pom parent-artifactid plexus Medium Product file name plexus-utils High Product pom name Plexus Common Utilities High Product jar package name xml Highest Version file version 3.0.22 High Version pom parent-version 3.0.22 Low Version pom version 3.0.22 Highest
Related Dependencies plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab plexus-utils-3.0.22.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/plexus-utils-3.0.22.jar MD5: 2a32677a099da7c5b9b2b39c066f2cc6 SHA1: 764f26e0ab13a87c48fe55f525dfb6a133b7a92f SHA256: 0f31c44b275f87e56d46a582ce96d03b9e2ab344cf87c4e268b34d3ad046beab Published Vulnerabilities Directory traversal in org.codehaus.plexus.util.Expand (OSSINDEX) suppress
> org.codehaus.plexus.util.Expand does not guard against directory traversal, but such protection is generally expected from unarchiving tools.
>
> -- [github.com](https://github.com/codehaus-plexus/plexus-utils/issues/4) Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.plexus:plexus-utils:3.0.22:*:*:*:*:*:*:* Possible XML Injection (OSSINDEX) suppress
> `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment(XMLWriter, String, int, int, int)` does not check if the comment includes a `"-->"` sequence. This means that text contained in the command string could be interpreted as XML, possibly leading to XML injection issues, depending on how this method is being called.
>
> -- [github.com](https://github.com/codehaus-plexus/plexus-utils/issues/3) Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.plexus:plexus-utils:3.0.22:*:*:*:*:*:*:* plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/plexus-velocity-1.1.7.jarMD5: d460d060e07b3bccaf6593440ce7be1eSHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0bSHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae
Evidence Type Source Name Value Confidence Vendor jar package name velocity Low Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom groupid codehaus.plexus Highest Vendor jar package name plexus Low Vendor pom name Plexus Velocity Component High Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor pom artifactid plexus-velocity Low Vendor file name plexus-velocity High Vendor pom parent-artifactid plexus-components Low Vendor jar package name codehaus Low Vendor jar package name velocity Highest Product jar package name codehaus Highest Product jar package name plexus Highest Product jar package name velocity Low Product pom parent-groupid org.codehaus.plexus Medium Product file name plexus-velocity High Product pom groupid codehaus.plexus Highest Product pom artifactid plexus-velocity Highest Product jar package name plexus Low Product pom parent-artifactid plexus-components Medium Product jar package name velocity Highest Product pom name Plexus Velocity Component High Version file version 1.1.7 High Version pom parent-version 1.1.7 Low Version pom version 1.1.7 Highest
Related Dependencies plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae plexus-velocity-1.1.7.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/plexus-velocity-1.1.7.jar MD5: d460d060e07b3bccaf6593440ce7be1e SHA1: 1440fc2552d1405b1c2d380ef3b96c4d9c6dbd0b SHA256: 1c9c994fbcd31526d451797072d7afb19f9b1962e710f3088f54fd1267b45fae random-beans-3.5.0.jarDescription:
Random Beans core implementation License:
MIT License: http://opensource.org/licenses/mit-license.php File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/random-beans-3.5.0.jar
MD5: 7a350b1371506951519a0f045574d566
SHA1: e0081e96a509d2bc7757674633b5ed577640277e
SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525
Evidence Type Source Name Value Confidence Vendor pom url benas/random-beans Highest Vendor jar package name github Low Vendor pom parent-artifactid random-beans-parent Low Vendor pom groupid io.github.benas Highest Vendor pom artifactid random-beans Low Vendor jar package name github Highest Vendor pom name Random Beans Core High Vendor file name random-beans High Vendor jar package name io Highest Vendor jar package name benas Low Vendor jar package name io Low Vendor jar package name benas Highest Product jar package name github Low Product pom groupid io.github.benas Highest Product pom url benas/random-beans High Product jar package name github Highest Product pom name Random Beans Core High Product pom parent-artifactid random-beans-parent Medium Product jar package name randombeans Low Product pom artifactid random-beans Highest Product file name random-beans High Product jar package name io Highest Product jar package name benas Low Product jar package name benas Highest Version file version 3.5.0 High Version pom version 3.5.0 Highest
Related Dependencies random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 random-beans-3.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/random-beans-3.5.0.jar MD5: 7a350b1371506951519a0f045574d566 SHA1: e0081e96a509d2bc7757674633b5ed577640277e SHA256: 067dc8d3c1d1f4d73c17582edbc7a27bdc1fe28254c34de459ac9fa63a795525 reindex-client-5.2.1.jarDescription:
The Reindex module adds APIs to reindex from one index to another or update documents in place. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/reindex-client-5.2.1.jar
MD5: d3407859a638305a672ee9914f4ddb97
SHA1: 0e94b21f6a1c51528d2f7ae92aad27f05748ccd9
SHA256: 32df0f6978b7ba37fb012ef56d5fc0573522177f45abad003320636d47c1a80b
Evidence Type Source Name Value Confidence Vendor Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Vendor central groupid org.codelibs.elasticsearch.module High Vendor file name reindex-client High Vendor pom groupid codelibs.elasticsearch.module Highest Vendor Manifest module-origin elastic/elasticsearch.git Low Vendor pom url elastic/elasticsearch Highest Vendor jar package name index Low Vendor Manifest build-date 2017-02-09T22:07:09.745Z Low Vendor Manifest built-status integration Low Vendor pom artifactid reindex Low Vendor Manifest change db0d481 Low Vendor Manifest module-source /modules/reindex Low Vendor jar package name elasticsearch Low Vendor pom artifactid reindex-client Low Vendor Manifest built-os Linux Low Vendor jar package name reindex Low Vendor pom name reindex High Vendor central groupid org.elasticsearch.plugin High Vendor pom url codelibs/elasticsearch-module Highest Vendor pom groupid elasticsearch.plugin Highest Vendor Manifest x-compile-elasticsearch-snapshot false Low Product Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Product central artifactid reindex High Product pom url elastic/elasticsearch High Product central artifactid reindex-client High Product pom artifactid reindex-client Highest Product jar package name reindex Highest Product file name reindex-client High Product pom groupid codelibs.elasticsearch.module Highest Product Manifest module-origin elastic/elasticsearch.git Low Product jar package name index Low Product jar package name elasticsearch Highest Product Manifest build-date 2017-02-09T22:07:09.745Z Low Product Manifest built-status integration Low Product pom artifactid reindex Highest Product Manifest Implementation-Title org.elasticsearch.plugin#reindex;5.2.1 High Product Manifest change db0d481 Low Product Manifest module-source /modules/reindex Low Product pom url codelibs/elasticsearch-module High Product Manifest built-os Linux Low Product jar package name reindex Low Product pom name reindex High Product pom groupid elasticsearch.plugin Highest Product Manifest x-compile-elasticsearch-snapshot false Low Version pom version 5.2.1 Highest Version central version 5.2.1 High Version Manifest Implementation-Version 5.2.1 High Version Manifest x-compile-elasticsearch-version 5.2.1 Medium Version file version 5.2.1 High
Related Dependencies reindex-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/reindex-client-5.2.1.jar MD5: d3407859a638305a672ee9914f4ddb97 SHA1: 0e94b21f6a1c51528d2f7ae92aad27f05748ccd9 SHA256: 32df0f6978b7ba37fb012ef56d5fc0573522177f45abad003320636d47c1a80b reindex-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/reindex-client-5.2.1.jar MD5: d3407859a638305a672ee9914f4ddb97 SHA1: 0e94b21f6a1c51528d2f7ae92aad27f05748ccd9 SHA256: 32df0f6978b7ba37fb012ef56d5fc0573522177f45abad003320636d47c1a80b Published Vulnerabilities CVE-2019-7611 suppress
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-7614 suppress
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-7019 suppress
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. CWE-269 Improper Privilege Management
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
rest-5.2.1.jarDescription:
Elasticsearch subproject :client:rest License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/rest-5.2.1.jar
MD5: 245a58c0103d2e3c53886cb29cf2273c
SHA1: e1792b0a249339fd4000820712f486a83cae3405
SHA256: 90d4d2df6009c1b9b23b4d2ce0e1f688dae79b8a1f7ada572d4ae2db9775e84b
Evidence Type Source Name Value Confidence Vendor central groupid org.elasticsearch.client Highest Vendor Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Vendor Manifest build-date 2017-02-09T22:06:59.808Z Low Vendor file name rest High Vendor Manifest module-origin elastic/elasticsearch.git Low Vendor pom url elastic/elasticsearch Highest Vendor pom artifactid rest Low Vendor Manifest built-status integration Low Vendor Manifest change db0d481 Low Vendor Manifest module-source /client/rest Low Vendor jar package name elasticsearch Low Vendor pom groupid elasticsearch.client Highest Vendor jar package name client Low Vendor Manifest built-os Linux Low Vendor pom name rest High Vendor Manifest x-compile-elasticsearch-snapshot false Low Product Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Product Manifest build-date 2017-02-09T22:06:59.808Z Low Product pom url elastic/elasticsearch High Product file name rest High Product Manifest module-origin elastic/elasticsearch.git Low Product central artifactid rest Highest Product jar package name elasticsearch Highest Product Manifest built-status integration Low Product pom artifactid rest Highest Product Manifest Implementation-Title org.elasticsearch.client#rest;5.2.1 High Product Manifest change db0d481 Low Product Manifest module-source /client/rest Low Product pom groupid elasticsearch.client Highest Product jar package name client Low Product Manifest built-os Linux Low Product pom name rest High Product jar package name client Highest Product Manifest x-compile-elasticsearch-snapshot false Low Version central version 5.2.1 Highest Version pom version 5.2.1 Highest Version Manifest Implementation-Version 5.2.1 High Version Manifest x-compile-elasticsearch-version 5.2.1 Medium Version file version 5.2.1 High
Related Dependencies rest-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/rest-5.2.1.jar MD5: 245a58c0103d2e3c53886cb29cf2273c SHA1: e1792b0a249339fd4000820712f486a83cae3405 SHA256: 90d4d2df6009c1b9b23b4d2ce0e1f688dae79b8a1f7ada572d4ae2db9775e84b rest-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/rest-5.2.1.jar MD5: 245a58c0103d2e3c53886cb29cf2273c SHA1: e1792b0a249339fd4000820712f486a83cae3405 SHA256: 90d4d2df6009c1b9b23b4d2ce0e1f688dae79b8a1f7ada572d4ae2db9775e84b Published Vulnerabilities CVE-2019-7611 suppress
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-7614 suppress
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-7019 suppress
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. CWE-269 Improper Privilege Management
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
rhino-1.7R4.jarDescription:
Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. License:
Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/rhino-1.7R4.jar
MD5: 3850097fb5c9aa1065cc198f1b82dcf1
SHA1: e982f2136574b9a423186fbaeaaa98dc3e5a5288
SHA256: eb4cbd05a48ee4448825da229e94115e68adc6c5638d29022914e1178c60a6c4
Evidence Type Source Name Value Confidence Vendor central groupid org.mozilla Highest Vendor file name rhino High Vendor pom artifactid rhino Low Vendor Manifest Implementation-Vendor Mozilla Foundation High Vendor pom organization name The Mozilla Foundation High Vendor Manifest implementation-url http://www.mozilla.org/rhino Low Vendor pom organization url http://www.mozilla.org Medium Vendor jar package name javascript Low Vendor pom groupid mozilla Highest Vendor pom url https://developer.mozilla.org/en/Rhino Highest Vendor pom name Mozilla Rhino High Vendor jar package name mozilla Highest Vendor jar package name mozilla Low Product pom organization url http://www.mozilla.org Low Product file name rhino High Product Manifest Implementation-Title Mozilla Rhino 1.7R4 High Product pom artifactid rhino Highest Product pom organization name The Mozilla Foundation Low Product Manifest implementation-url http://www.mozilla.org/rhino Low Product central artifactid rhino Highest Product jar package name javascript Low Product pom url https://developer.mozilla.org/en/Rhino Medium Product pom groupid mozilla Highest Product pom name Mozilla Rhino High Product jar package name mozilla Highest Version central version 1.7R4 Highest Version pom version 1.7R4 Highest Version Manifest Implementation-Version 1.7R4 High
rxjava-1.2.0.jarDescription:
rxjava License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/rxjava-1.2.0.jar
MD5: e537191fbc9b7147a3254ce5a77e71dd
SHA1: 42bfaf64c94f3848ebf5cf1c2ea4ec9d1b3ac6c8
SHA256: 2b6c36c1d46d9aeccc0408cb8d37d8e1338d80065d0ace26768d1eddce619670
Evidence Type Source Name Value Confidence Vendor central groupid io.reactivex Highest Vendor Manifest build-host testing-worker-linux-docker-3695a921-3472-linux-1 Low Vendor Manifest module-email benjchristensen@netflix.com Low Vendor Manifest module-source Low Vendor jar package name internal Low Vendor file name rxjava High Vendor Manifest build-number LOCAL Low Vendor Manifest built-status integration Low Vendor pom artifactid rxjava Low Vendor Manifest module-owner benjchristensen@netflix.com Low Vendor pom url ReactiveX/RxJava Highest Vendor Manifest bundle-docurl https://github.com/ReactiveX/RxJava Low Vendor Manifest build-job LOCAL Low Vendor Manifest branch 01e68d3f9b92a6bc50956ac6995bccde37ddcff5 Low Vendor Manifest module-origin https://github.com/ReactiveX/RxJava.git Low Vendor Manifest bundle-symbolicname io.reactivex.rxjava Medium Vendor Manifest built-os Linux Low Vendor pom groupid io.reactivex Highest Vendor Manifest build-date 2016-09-17_13:26:16 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name rx Low Vendor Manifest change 01e68d3 Low Vendor pom name rxjava High Product Manifest Bundle-Name rxjava Medium Product Manifest module-source Low Product Manifest build-number LOCAL Low Product Manifest bundle-docurl https://github.com/ReactiveX/RxJava Low Product Manifest build-job LOCAL Low Product Manifest branch 01e68d3f9b92a6bc50956ac6995bccde37ddcff5 Low Product Manifest built-os Linux Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest change 01e68d3 Low Product pom name rxjava High Product pom url ReactiveX/RxJava High Product Manifest Implementation-Title io.reactivex#rxjava;1.2.0 High Product central artifactid rxjava Highest Product Manifest build-host testing-worker-linux-docker-3695a921-3472-linux-1 Low Product pom artifactid rxjava Highest Product Manifest module-email benjchristensen@netflix.com Low Product jar package name internal Low Product file name rxjava High Product Manifest built-status integration Low Product Manifest module-owner benjchristensen@netflix.com Low Product Manifest module-origin https://github.com/ReactiveX/RxJava.git Low Product Manifest bundle-symbolicname io.reactivex.rxjava Medium Product pom groupid io.reactivex Highest Product Manifest build-date 2016-09-17_13:26:16 Low Version file version 1.2.0 High Version Manifest Bundle-Version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version central version 1.2.0 Highest Version pom version 1.2.0 Highest
securesm-1.1.jarDescription:
SecurityManager implementation that works around design flaws in Java License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/securesm-1.1.jar
MD5: 2ce8857836ff479756cf0cccd3f1fddf
SHA1: 1e423447d020041534be94c0f31a49fbdc1f2950
SHA256: 804330562c1cd2efc7fb2cfa3a5cfba6c308ee47664b1397da9d01f89d8a0d7c
Evidence Type Source Name Value Confidence Vendor jar package name securesm Highest Vendor pom name Elasticsearch SecureSM High Vendor jar package name elasticsearch Low Vendor pom groupid elasticsearch Highest Vendor file name securesm High Vendor pom artifactid securesm Low Vendor jar package name elasticsearch Highest Product jar package name securesm Highest Product pom name Elasticsearch SecureSM High Product pom groupid elasticsearch Highest Product file name securesm High Product pom artifactid securesm Highest Product jar package name elasticsearch Highest Version file version 1.1 High Version pom version 1.1 Highest
Related Dependencies securesm-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/securesm-1.1.jar MD5: 2ce8857836ff479756cf0cccd3f1fddf SHA1: 1e423447d020041534be94c0f31a49fbdc1f2950 SHA256: 804330562c1cd2efc7fb2cfa3a5cfba6c308ee47664b1397da9d01f89d8a0d7c securesm-1.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/securesm-1.1.jar MD5: 2ce8857836ff479756cf0cccd3f1fddf SHA1: 1e423447d020041534be94c0f31a49fbdc1f2950 SHA256: 804330562c1cd2efc7fb2cfa3a5cfba6c308ee47664b1397da9d01f89d8a0d7c servo-core-0.7.2.jarDescription:
servo-core developed by Netflix License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/servo-core-0.7.2.jar
MD5: dbd860da12d88bd2d18c6a20d250cae4
SHA1: b940f73ac9ddb440b79e801c8b936228dc0cc142
SHA256: 85009706a37dba8e1744a6e6cb7d63aea4fb8fa65f8b754c0952a1140762e568
Evidence Type Source Name Value Confidence Vendor jar package name servo Low Vendor pom name servo-core High Vendor pom url Netflix/OSS-netflix-servo-release Highest Vendor jar package name netflix Low Vendor pom artifactid servo-core Low Vendor file name servo-core High Vendor pom groupid netflix.servo Highest Vendor central groupid com.netflix.servo Highest Product jar package name servo Low Product pom name servo-core High Product file name servo-core High Product pom groupid netflix.servo Highest Product pom url Netflix/OSS-netflix-servo-release High Product central artifactid servo-core Highest Product pom artifactid servo-core Highest Version file version 0.7.2 High Version central version 0.7.2 Highest Version pom version 0.7.2 Highest
shiro-core-1.6.0.jarDescription:
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/shiro-core-1.6.0.jar
MD5: de58c19080f89f3706ed26f78e2de0cd
SHA1: 6e53a0909f278989300996d529b129b23bae4752
SHA256: 2370d47faf2d2fff381e4ed5c60fa78b6dd9f0e372fb1f00cb03ddbdcaed2672
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid shiro-root Low Vendor jar package name shiro Highest Vendor jar package name apache Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-symbolicname org.apache.shiro.core Medium Vendor pom artifactid shiro-core Low Vendor file name shiro-core High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-url https://shiro.apache.org/shiro-core/ Low Vendor pom groupid apache.shiro Highest Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium Vendor pom parent-groupid org.apache.shiro Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache Shiro :: Core High Product jar package name shiro Highest Product jar package name session Highest Product jar package name apache Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Shiro :: Core Medium Product Manifest bundle-symbolicname org.apache.shiro.core Medium Product pom artifactid shiro-core Highest Product file name shiro-core High Product Manifest implementation-url https://shiro.apache.org/shiro-core/ Low Product pom groupid apache.shiro Highest Product pom parent-artifactid shiro-root Medium Product Manifest Implementation-Title Apache Shiro :: Core High Product Manifest Bundle-Name Apache Shiro :: Core Medium Product pom parent-groupid org.apache.shiro Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product pom name Apache Shiro :: Core High Version Manifest Implementation-Version 1.6.0 High Version file version 1.6.0 High Version pom version 1.6.0 Highest Version Manifest Bundle-Version 1.6.0 High
Related Dependencies simpleclient-0.5.0.jarDescription:
Core instrumentation library for the simpleclient.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/simpleclient-0.5.0.jar
MD5: 5ab0820156188bb24f211ac2319d9e5d
SHA1: fbbfe2300098798e3d23f93b7b14befeceacf512
SHA256: 68e20a01ec974f382553b763f58594416c3c652b7067d8aeccf1a5ea6c8b1d0d
Evidence Type Source Name Value Confidence Vendor pom artifactid simpleclient Low Vendor pom parent-artifactid parent Low Vendor jar package name io Highest Vendor Manifest bundle-symbolicname io.prometheus.simpleclient Medium Vendor jar package name prometheus Highest Vendor file name simpleclient High Vendor pom groupid io.prometheus Highest Vendor pom name Prometheus Java Simpleclient High Product jar package name io Highest Product pom parent-artifactid parent Medium Product Manifest Bundle-Name Prometheus Java Simpleclient Medium Product Manifest bundle-symbolicname io.prometheus.simpleclient Medium Product jar package name prometheus Highest Product file name simpleclient High Product pom artifactid simpleclient Highest Product pom groupid io.prometheus Highest Product pom name Prometheus Java Simpleclient High Version Manifest Bundle-Version 0.5.0 High Version file version 0.5.0 High Version pom version 0.5.0 Highest
slf4j-api-1.7.24.jarDescription:
The slf4j API File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/slf4j-api-1.7.24.jarMD5: d18638036e314cdd66f04e2d248b7df9SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor jar package name slf4j Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Low Vendor pom url http://www.slf4j.org Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor file name slf4j-api High Product pom parent-artifactid slf4j-parent Medium Product Manifest Implementation-Title slf4j-api High Product pom groupid slf4j Highest Product pom parent-groupid org.slf4j Medium Product pom url http://www.slf4j.org Medium Product file name slf4j-api High Product pom artifactid slf4j-api Highest Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom name SLF4J API Module High Product jar package name slf4j Highest Product Manifest bundle-symbolicname slf4j.api Medium Version Manifest Implementation-Version 1.7.24 High Version Manifest Bundle-Version 1.7.24 High Version file version 1.7.24 High Version pom version 1.7.24 Highest
Related Dependencies slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-api-1.7.24.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/slf4j-api-1.7.24.jar MD5: d18638036e314cdd66f04e2d248b7df9 SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9 SHA256: baf3c7fe15fefeaf9e5b000d94547379dc48370f22a8797e239c127e7d7756ec slf4j-ext-1.6.3.jarDescription:
Extensions to the SLF4J API File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/slf4j-ext-1.6.3.jarMD5: 63e5735b6af6c5b018b1ac78f30ef09cSHA1: 5cd0f7bfbdefbb18bec7b6f152c9952795c0921bSHA256: b40a8c26ab766d2be2d0ec79df730fd77e414f09e706741318d0dea6252dafee
Evidence Type Source Name Value Confidence Vendor jar package name ext Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid slf4j-parent Low Vendor jar package name slf4j Highest Vendor Manifest bundle-symbolicname slf4j.ext Medium Vendor pom name SLF4J Extensions Module High Vendor pom url http://www.slf4j.org Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom artifactid slf4j-ext Low Vendor file name slf4j-ext High Product jar package name ext Highest Product pom parent-artifactid slf4j-parent Medium Product Manifest Implementation-Title slf4j-ext High Product pom name SLF4J Extensions Module High Product pom groupid slf4j Highest Product pom parent-groupid org.slf4j Medium Product pom url http://www.slf4j.org Medium Product file name slf4j-ext High Product pom artifactid slf4j-ext Highest Product Manifest Bundle-Name slf4j-log4j12 Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product jar package name slf4j Highest Product Manifest bundle-symbolicname slf4j.ext Medium Version file version 1.6.3 High Version Manifest Implementation-Version 1.6.3 High Version pom version 1.6.3 Highest Version Manifest Bundle-Version 1.6.3 High
Published Vulnerabilities CVE-2018-8088 suppress
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
snakeyaml-1.17.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/snakeyaml-1.17.jar
MD5: ab621c3cee316236ad04a6f0fe4dd17c
SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c
SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5
Evidence Type Source Name Value Confidence Vendor pom artifactid snakeyaml Low Vendor file name snakeyaml High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor jar package name yaml Highest Vendor jar package name snakeyaml Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor jar package name emitter Highest Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor pom groupid yaml Highest Vendor jar package name parser Highest Vendor pom name SnakeYAML High Vendor pom url http://www.snakeyaml.org Highest Product Manifest Bundle-Name SnakeYAML Medium Product file name snakeyaml High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product jar package name yaml Highest Product pom artifactid snakeyaml Highest Product jar package name snakeyaml Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product jar package name emitter Highest Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product pom groupid yaml Highest Product jar package name parser Highest Product pom url http://www.snakeyaml.org Medium Product pom name SnakeYAML High Version file version 1.17 High Version pom version 1.17 Highest
Related Dependencies snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 snakeyaml-1.17.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/snakeyaml-1.17.jar MD5: ab621c3cee316236ad04a6f0fe4dd17c SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c SHA256: 5666b36f9db46f06dd5a19d73bbff3b588d5969c0f4b8848fde0f5ec849430a5 Published Vulnerabilities CVE-2017-18640 suppress
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
spring-aspects-4.3.7.RELEASE.jarDescription:
Spring Aspects License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-aspects-4.3.7.RELEASE.jar
MD5: 52cc06bd15aeb716d7d493b642b8b0e9
SHA1: fa0671826a42f6bac5145ffbc78075493dcb4e8b
SHA256: 4e2fa55685042380fd46df5a8e0b445471398bd4366e5074ab56d651220c618b
Evidence Type Source Name Value Confidence Vendor hint analyzer vendor SpringSource Highest Vendor pom groupid springframework Highest Vendor pom artifactid spring-aspects Low Vendor file name spring-aspects High Vendor jar package name aspectj Low Vendor jar package name springframework Low Vendor pom url spring-projects/spring-framework Highest Vendor hint analyzer vendor vmware Highest Vendor central groupid org.springframework Highest Vendor pom organization url http://projects.spring.io/spring-framework Medium Vendor pom name Spring Aspects High Vendor pom organization name Spring IO High Vendor hint analyzer vendor pivotal software Highest Product file name spring-aspects High Product Manifest Implementation-Title spring-aspects High Product hint analyzer product springsource_spring_framework Highest Product pom organization url http://projects.spring.io/spring-framework Low Product jar package name aspectj Low Product pom organization name Spring IO Low Product pom url spring-projects/spring-framework High Product central artifactid spring-aspects Highest Product pom artifactid spring-aspects Highest Product pom name Spring Aspects High Product pom groupid springframework Highest Version Manifest Implementation-Version 4.3.7.RELEASE High Version pom version 4.3.7.RELEASE Highest Version central version 4.3.7.RELEASE Highest
Published Vulnerabilities CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1199 suppress
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1275 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-15756 suppress
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
spring-auto-restdocs-core-1.0.7.jarDescription:
Spring Auto REST Docs is an extension to Spring REST Docs File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-auto-restdocs-core-1.0.7.jarMD5: 36727e808ab84682a3afb312320687d2SHA1: 539fdf7691b60155292b989ce3e1df254c8d9cb3SHA256: 597dc9ffef317ffdc891fd9ba709958fcb8e97dba56b4bb09f576bc1386d2d7b
Evidence Type Source Name Value Confidence Vendor pom groupid capital.scalable Highest Vendor jar package name scalable Low Vendor jar package name capital Highest Vendor pom name Spring Auto REST Docs Core High Vendor pom artifactid spring-auto-restdocs-core Low Vendor file name spring-auto-restdocs-core High Vendor jar package name restdocs Highest Vendor pom parent-artifactid spring-auto-restdocs-parent Low Vendor jar package name scalable Highest Vendor jar package name capital Low Vendor jar package name restdocs Low Product pom groupid capital.scalable Highest Product jar package name scalable Low Product jar package name capital Highest Product pom artifactid spring-auto-restdocs-core Highest Product pom name Spring Auto REST Docs Core High Product file name spring-auto-restdocs-core High Product jar package name restdocs Highest Product jar package name scalable Highest Product pom parent-artifactid spring-auto-restdocs-parent Medium Product jar package name restdocs Low Version file version 1.0.7 High Version pom version 1.0.7 Highest
spring-batch-core-3.0.7.RELEASE.jarDescription:
Spring Batch Core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/spring-batch-core-3.0.7.RELEASE.jar
MD5: 9ed0b6ea0e143bd92f85c0f7caba7458
SHA1: b736f8c14550cdb1440e28bb6aa690a387a7aa57
SHA256: c77e58e893e007d9512e547431127c0c7555bc5c84f93cf1d76c34254dc0ad6a
Evidence Type Source Name Value Confidence Vendor file name spring-batch-core High Vendor pom organization url http://spring.io Medium Vendor pom name Spring Batch Core High Vendor pom artifactid spring-batch-core Low Vendor jar package name core Low Vendor central groupid org.springframework.batch Highest Vendor pom url http://projects.spring.io/spring-batch/ Highest Vendor jar package name batch Low Vendor pom groupid springframework.batch Highest Vendor pom organization name Spring High Vendor jar package name springframework Low Vendor hint analyzer vendor pivotal software Highest Product file name spring-batch-core High Product Manifest Implementation-Title spring-batch-core High Product jar package name core Highest Product central artifactid spring-batch-core Highest Product pom artifactid spring-batch-core Highest Product pom name Spring Batch Core High Product jar package name core Low Product jar package name batch Low Product pom groupid springframework.batch Highest Product pom organization url http://spring.io Low Product jar package name batch Highest Product pom organization name Spring Low Product pom url http://projects.spring.io/spring-batch/ Medium Version Manifest Implementation-Version 3.0.7.RELEASE High Version central version 3.0.7.RELEASE Highest Version pom version 3.0.7.RELEASE Highest
Related Dependencies spring-batch-infrastructure-3.0.7.RELEASE.jar Published Vulnerabilities CVE-2019-3774 suppress
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
spring-boot-1.5.2.RELEASE.jarDescription:
Spring Boot File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-boot-1.5.2.RELEASE.jarMD5: b1079a44277b381c3a5920272d230964SHA1: 46bb5d8c9ab5d3ef9e158ca5906ee7d3569befc1SHA256: 874ee5ee641928c3f6b16b7d11052a1f3a5d372db5bfa4673eb854f0c8b26c1a
Evidence Type Source Name Value Confidence Vendor pom groupid springframework.boot Highest Vendor Manifest implementation-url http://projects.spring.io/spring-boot/ Low Vendor pom organization name Pivotal Software, Inc. High Vendor pom name Spring Boot High Vendor Manifest Implementation-Vendor-Id org.springframework.boot Medium Vendor pom artifactid spring-boot Low Vendor pom parent-artifactid spring-boot-parent Low Vendor pom organization url http://www.spring.io Medium Vendor Manifest specification-vendor Pivotal Software, Inc. Low Vendor jar package name boot Highest Vendor jar package name springframework Highest Vendor file name spring-boot High Vendor pom url http://projects.spring.io/spring-boot/ Highest Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid springframework.boot Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/ Low Product pom organization name Pivotal Software, Inc. Low Product pom name Spring Boot High Product Manifest specification-title Spring Boot Medium Product pom parent-artifactid spring-boot-parent Medium Product Manifest Implementation-Title Spring Boot High Product pom organization url http://www.spring.io Low Product pom artifactid spring-boot Highest Product pom parent-groupid org.springframework.boot Medium Product jar package name boot Highest Product pom url http://projects.spring.io/spring-boot/ Medium Product jar package name springframework Highest Product file name spring-boot High Version pom version 1.5.2.RELEASE Highest Version Manifest Implementation-Version 1.5.2.RELEASE High
Related Dependencies Published Vulnerabilities CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
spring-boot-admin-server-1.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-1.5.0.jarMD5: 3ec68814132c9c0ae8d4f95eafd7ca9dSHA1: 335560901d165a421f385ce7984e47b918bbefd6SHA256: 3f3fca2b92b9b6e1e662ba7887803743bfc1eb6e7c487003cac73c94e58a98d9
Evidence Type Source Name Value Confidence Vendor jar package name codecentric Highest Vendor pom groupid de.codecentric Highest Vendor jar package name admin Highest Vendor pom artifactid spring-boot-admin-server Low Vendor Manifest Implementation-Vendor-Id de.codecentric Medium Vendor pom parent-artifactid spring-boot-admin Low Vendor file name spring-boot-admin-server High Vendor jar package name de Highest Vendor Manifest implementation-url https://github.com/codecentric/spring-boot-admin/spring-boot-admin-server/ Low Vendor jar package name boot Highest Vendor hint analyzer vendor pivotal software Highest Vendor Manifest Implementation-Vendor codecentric AG High Product Manifest implementation-url https://github.com/codecentric/spring-boot-admin/spring-boot-admin-server/ Low Product jar package name codecentric Highest Product jar package name boot Highest Product pom artifactid spring-boot-admin-server Highest Product pom groupid de.codecentric Highest Product Manifest Implementation-Title spring-boot-admin-server High Product jar package name admin Highest Product pom parent-artifactid spring-boot-admin Medium Product file name spring-boot-admin-server High Product jar package name de Highest Version pom version 1.5.0 Highest Version file version 1.5.0 High Version Manifest Implementation-Version 1.5.0 High
Related Dependencies spring-boot-admin-server-ui-1.5.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar MD5: 187fdd90557e1e8fd183e5da039abe4f SHA1: 94e36b37088606f75eb88aec80543a49ae69c563 SHA256: e46fa241bb2198ec28733c823de9036f9542ac7f3946697d7047218d36d53454 pkg:maven/de.codecentric/spring-boot-admin-server-ui@1.5.0 Published Vulnerabilities CVE-2016-9878 suppress
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
spring-boot-admin-server-ui-1.5.0.jar: core.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/core.jsMD5: 96dde17482723b7dfbe80e9d2934cce1SHA1: a21d82734be96e8a862ef52f31a1c0b4750b8c3eSHA256: 62433993ec0ab7e683be402eef5dd8432b2780006073f34c103b09b327dbabd3
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: dependencies.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/dependencies.jsMD5: 57168e7802abcbc877c6ac858efecdceSHA1: e910e3a889e3a59154cc383be465f7aca7a21b8eSHA256: 405c6275a1aedf0c9da5ee6e350c6417c2cf1d9ea34cfc0772933d6da46d9e14
Evidence Type Source Name Value Confidence Vendor file name jquery High Vendor file name angularjs High Product file name jquery High Product file name angularjs High Version file version 3.1.1 High Version file version 1.5.8 High
Published Vulnerabilities CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 CVE-2020-7676 suppress
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.4) Vector: /AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 DOS in $sanitize (RETIREJS) suppress
DOS in $sanitize Unscored:
References:
Prototype pollution (RETIREJS) suppress
Prototype pollution Unscored:
References:
Universal CSP bypass via add-on in Firefox (RETIREJS) suppress
Universal CSP bypass via add-on in Firefox Unscored:
References:
XSS in $sanitize in Safari/Firefox (RETIREJS) suppress
XSS in $sanitize in Safari/Firefox Unscored:
References:
XSS through SVG if enableSvg is set (RETIREJS) suppress
XSS through SVG if enableSvg is set Unscored:
References:
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-metrics/module.jsMD5: 3dfed111f541deff8778f4edc81157a2SHA1: 65808785ba132115a3442984aad9b4d25eaae0f0SHA256: 7f42364ab031a1aafe6dc8103f721d4f65ff80dbb1af1a21aed6e5beeea2c82e
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-trace/module.jsMD5: 700d4a0db3c2e404b98d9049404c811eSHA1: bb0883bec2292600c92fc605c251f80fcef10cdeSHA256: 4af4983c2eb3919dfbe21e27257fd2917fda5be30b8e897053678028f0cfb8e3
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/events/module.jsMD5: bedbae08ee36438554e8d20144b68ee6SHA1: e97cf28980353d102fb3da150fc33b3632bd9e21SHA256: 833db3379e112bff225255e20279d3d12f4505c2455e47b5ab8ce091f04d2d27
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-liquibase/module.jsMD5: 6c8d5f2a780cc1eeda536aef944dea0cSHA1: 5756c0e9e99a4cf3b08744b04e4137f1c970de76SHA256: 2420421f03b22b02e5b144f2c8f23cce0a2698249e81e531c7f63dc2b2bc82c4
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-details/module.jsMD5: 5a4b11c123bf7a3388387b8cb6b6a5e2SHA1: bfba738c135f85853046e3a75856c1bc47bc0863SHA256: 53a3d537df82d9c522a7255df4b602f895566e1774ec0844634e88315c1fe1f9
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-environment/module.jsMD5: 6cf90e43671d4205e1c137fa809be7e4SHA1: 2b526c16cf8f752e226f6c85f3f3c3dc08aa12caSHA256: 4a2ed033daea41572f0814f5a9a8f2662067f09d55a50acf7b01bdcebeac797f
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/about/module.jsMD5: 732522411bf2c6f20f2be4595d25c2b8SHA1: 4a27a41e756b0a1dc4d7ac17d10e2cd24d13ea24SHA256: 46aa86818e704f4b8d5a03e4eb42340c5af5b62ca66bbc7e789da72f5f41fb57
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-auditevents/module.jsMD5: 68d5c314d20fa902dd6b5d489fd363b4SHA1: 6957d01f05a38e2d389a44b05c014c3a8e782102SHA256: 2c1837205b65e40fe4771fb1eb4641e5cb68f1a3b929d0247c2e509dcac8090a
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-flyway/module.jsMD5: 64ef419a8d9f9245b95eae0b2ebf6323SHA1: f2b968b3724202ea3c7c3e64cea03bc89efcb791SHA256: 9d9e61aef9506b6296bf1f09e5607a3b38a550c6415e4894414b322863c6e9a8
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-logfile/module.jsMD5: 76309f004e3525a8a31642fb6208a7aeSHA1: e646f53d18e4ea8f236d7030ced3cc18ecd060edSHA256: 8cb316e6a7600ccc411ad2c18a82014f2292d53a103772997d8ea2a41f6d41fc
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-threads/module.jsMD5: ed2dff1e0dd9e9b97105f03cf7fd2fe0SHA1: 44091c2611cff43373bf19d71e773f3d162b7486SHA256: bb812f2dbbf016aa246ac85171cef9368a0c188514115dcb594f97442b441f75
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-logging/module.jsMD5: 8e327853da45abf9bfde678b912406f4SHA1: 4767a178806ce9e463c8e5c27303672dcedeb34dSHA256: e4997774d8425065dd2df1197f278e37c9afe2887c71e65bc7aeab312420e748
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-heapdump/module.jsMD5: 0d3a43e927437df65c93bc2ad64da973SHA1: de96f27425d1d6d159b80f8d51b2c41d176ad414SHA256: 95255fb8c09a3748373f7e68864b39f3128c831f6e1af78eaf4443aed74db164
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications/module.jsMD5: 65ed48d947efa63f94d74be0dc9c8454SHA1: 27841a2e01f497ee8995e15b46c061a59f5fe6daSHA256: 28cfb0af245ad53db11321479e648958d4c9654b252b5613f3eb637a9bee607d
Evidence Type Source Name Value Confidence
spring-boot-admin-server-ui-1.5.0.jar: module.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-boot-admin-server-ui-1.5.0.jar/META-INF/spring-boot-admin-server-ui/applications-jmx/module.jsMD5: 05548333e18eafc29e421fd69f89991aSHA1: 3973dc98bf616677565076dcaded0c7517cdab77SHA256: a904d442f3b0e3ff11c11285d59b3ca2c72362d15e360a89dd240cfd34de67b0
Evidence Type Source Name Value Confidence
spring-boot-starter-batch-1.5.2.RELEASE.jarDescription:
Starter for using Spring Batch File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/spring-boot-starter-batch-1.5.2.RELEASE.jarMD5: 44baab849d95313526250cb5fc32a4e2SHA1: c5fbf797c20d3c9e618ce1022b4437b0eda5bc93SHA256: a95dd5224a9a666ee4e1ab2f186787c0faa595a42ee7ac96ff0a8d1e00283bdf
Evidence Type Source Name Value Confidence Vendor pom groupid springframework.boot Highest Vendor file name spring-boot-starter-batch High Vendor Manifest implementation-url http://projects.spring.io/spring-boot/ Low Vendor pom organization name Pivotal Software, Inc. High Vendor Manifest Implementation-Vendor-Id org.springframework.boot Medium Vendor pom organization url http://www.spring.io Medium Vendor pom artifactid spring-boot-starter-batch Low Vendor pom name Spring Boot Batch Starter High Vendor Manifest specification-vendor Pivotal Software, Inc. Low Vendor pom url http://projects.spring.io/spring-boot/ Highest Vendor pom parent-artifactid spring-boot-starters Low Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid springframework.boot Highest Product file name spring-boot-starter-batch High Product Manifest implementation-url http://projects.spring.io/spring-boot/ Low Product pom organization name Pivotal Software, Inc. Low Product Manifest Implementation-Title Spring Boot Batch Starter High Product pom parent-artifactid spring-boot-starters Medium Product pom artifactid spring-boot-starter-batch Highest Product pom organization url http://www.spring.io Low Product pom name Spring Boot Batch Starter High Product pom parent-groupid org.springframework.boot Medium Product pom url http://projects.spring.io/spring-boot/ Medium Product Manifest specification-title Spring Boot Batch Starter Medium Version pom version 1.5.2.RELEASE Highest Version Manifest Implementation-Version 1.5.2.RELEASE High
Published Vulnerabilities CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-3774 suppress
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
spring-boot-starter-data-redis-1.5.2.RELEASE.jarDescription:
Starter for using Redis key-value data store with Spring Data Redis and
the Jedis client File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/spring-boot-starter-data-redis-1.5.2.RELEASE.jarMD5: d90ac6cea8dcaf55826cb85648307cd7SHA1: 6b4c950f0ea2e9ccd822c7730a9ce4320416183dSHA256: 309db515f55fd2651931929aaf743f01a30745cc30cfc50172cec2be32767a88
Evidence Type Source Name Value Confidence Vendor pom groupid springframework.boot Highest Vendor Manifest implementation-url http://projects.spring.io/spring-boot/ Low Vendor pom organization name Pivotal Software, Inc. High Vendor Manifest Implementation-Vendor-Id org.springframework.boot Medium Vendor pom organization url http://www.spring.io Medium Vendor pom name Spring Boot Data Redis Starter High Vendor Manifest specification-vendor Pivotal Software, Inc. Low Vendor file name spring-boot-starter-data-redis High Vendor pom url http://projects.spring.io/spring-boot/ Highest Vendor pom parent-artifactid spring-boot-starters Low Vendor pom artifactid spring-boot-starter-data-redis Low Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid springframework.boot Highest Product Manifest implementation-url http://projects.spring.io/spring-boot/ Low Product pom organization name Pivotal Software, Inc. Low Product pom parent-artifactid spring-boot-starters Medium Product pom organization url http://www.spring.io Low Product pom name Spring Boot Data Redis Starter High Product pom parent-groupid org.springframework.boot Medium Product file name spring-boot-starter-data-redis High Product pom artifactid spring-boot-starter-data-redis Highest Product pom url http://projects.spring.io/spring-boot/ Medium Product Manifest Implementation-Title Spring Boot Data Redis Starter High Product Manifest specification-title Spring Boot Data Redis Starter Medium Version pom version 1.5.2.RELEASE Highest Version Manifest Implementation-Version 1.5.2.RELEASE High
Published Vulnerabilities CVE-2017-8046 suppress
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1196 suppress
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
spring-cloud-commons-1.2.0.RELEASE.jarDescription:
Spring Cloud Commons File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-cloud-commons-1.2.0.RELEASE.jarMD5: 1f531d264add9eea24c4168df3e0452bSHA1: de0024fa88cc6c1ecbc30980e15acf25c0f5ef21SHA256: cfc59d0d3963047d9ed1fa7617def5b7132ccb614f7885b02366c5ddbb9d1099
Evidence Type Source Name Value Confidence Vendor Manifest implementation-url https://projects.spring.io/spring-cloud/spring-cloud-commons/ Low Vendor pom groupid springframework.cloud Highest Vendor pom parent-artifactid spring-cloud-commons-parent Low Vendor jar package name cloud Highest Vendor pom parent-groupid org.springframework.cloud Medium Vendor pom artifactid spring-cloud-commons Low Vendor file name spring-cloud-commons High Vendor Manifest Implementation-Vendor-Id org.springframework.cloud Medium Vendor jar package name springframework Highest Vendor jar package name commons Highest Vendor pom name Spring Cloud Commons High Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product Manifest implementation-url https://projects.spring.io/spring-cloud/spring-cloud-commons/ Low Product pom groupid springframework.cloud Highest Product jar package name springframework Highest Product Manifest Implementation-Title Spring Cloud Commons High Product jar package name commons Highest Product jar package name cloud Highest Product pom parent-groupid org.springframework.cloud Medium Product pom parent-artifactid spring-cloud-commons-parent Medium Product pom name Spring Cloud Commons High Product file name spring-cloud-commons High Product pom artifactid spring-cloud-commons Highest Version Manifest Implementation-Version 1.2.0.RELEASE High Version pom version 1.2.0.RELEASE Highest
spring-cloud-context-1.2.0.RELEASE.jarDescription:
Spring Cloud Context File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-cloud-context-1.2.0.RELEASE.jarMD5: 2d03c41579eeecae1e1ebbad7305e363SHA1: 4f2a9fa553883dedc21587e45080b67911fb7d26SHA256: 9a33cffa25fe7cbe225449ddf659fa04b580b6ceb88a9686b04bc352c0f9bb05
Evidence Type Source Name Value Confidence Vendor pom groupid springframework.cloud Highest Vendor jar package name context Highest Vendor pom parent-artifactid spring-cloud-commons-parent Low Vendor pom artifactid spring-cloud-context Low Vendor pom name Spring Cloud Context High Vendor file name spring-cloud-context High Vendor jar package name cloud Highest Vendor pom parent-groupid org.springframework.cloud Medium Vendor Manifest Implementation-Vendor-Id org.springframework.cloud Medium Vendor jar package name springframework Highest Vendor Manifest implementation-url https://projects.spring.io/spring-cloud/spring-cloud-context/ Low Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product Manifest Implementation-Title Spring Cloud Context High Product pom groupid springframework.cloud Highest Product jar package name context Highest Product jar package name springframework Highest Product pom name Spring Cloud Context High Product file name spring-cloud-context High Product pom artifactid spring-cloud-context Highest Product Manifest implementation-url https://projects.spring.io/spring-cloud/spring-cloud-context/ Low Product jar package name cloud Highest Product pom parent-groupid org.springframework.cloud Medium Product pom parent-artifactid spring-cloud-commons-parent Medium Version Manifest Implementation-Version 1.2.0.RELEASE High Version pom version 1.2.0.RELEASE Highest
spring-cloud-netflix-core-1.3.0.RELEASE.jarDescription:
Spring Cloud Netflix Core File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-cloud-netflix-core-1.3.0.RELEASE.jarMD5: 215eaa55f8a85dea09e135de5ecad7e8SHA1: 1ad134229d53e9263f08124d62c65882c5dee8e7SHA256: 5a1db3700bfda1220938df7c26e243db31bb8d05a0f17c981847522833dff4b9
Evidence Type Source Name Value Confidence Vendor pom groupid springframework.cloud Highest Vendor Manifest implementation-url https://spring.io/spring-cloud/spring-cloud-netflix/spring-cloud-netflix-core Low Vendor jar package name cloud Highest Vendor pom parent-groupid org.springframework.cloud Medium Vendor pom name Spring Cloud Netflix Core High Vendor Manifest Implementation-Vendor-Id org.springframework.cloud Medium Vendor pom parent-artifactid spring-cloud-netflix Low Vendor jar package name springframework Highest Vendor pom artifactid spring-cloud-netflix-core Low Vendor jar package name netflix Highest Vendor file name spring-cloud-netflix-core High Vendor Manifest Implementation-Vendor Pivotal Software, Inc. High Product pom groupid springframework.cloud Highest Product pom artifactid spring-cloud-netflix-core Highest Product Manifest Implementation-Title Spring Cloud Netflix Core High Product pom parent-artifactid spring-cloud-netflix Medium Product jar package name springframework Highest Product jar package name netflix Highest Product Manifest implementation-url https://spring.io/spring-cloud/spring-cloud-netflix/spring-cloud-netflix-core Low Product file name spring-cloud-netflix-core High Product jar package name cloud Highest Product pom parent-groupid org.springframework.cloud Medium Product pom name Spring Cloud Netflix Core High Version Manifest Implementation-Version 1.3.0.RELEASE High Version pom version 1.3.0.RELEASE Highest
spring-context-support-1.0.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/spring-context-support-1.0.5.jarMD5: f08cbade1a26650be0daa2f16e42bd19SHA1: f5243e823345f9d228efe51008507f166261f66cSHA256: 70859e39b5c6305848ccc04b2010f1461c7ebb016d8df08d82c8c04922e44bd0
Evidence Type Source Name Value Confidence Vendor jar package name alibaba Highest Vendor pom groupid alibaba.spring Highest Vendor jar package name context Highest Vendor file name spring-context-support High Vendor jar package name spring Low Vendor jar package name spring Highest Vendor jar package name alibaba Low Vendor pom artifactid spring-context-support Low Product jar package name alibaba Highest Product pom groupid alibaba.spring Highest Product jar package name context Highest Product file name spring-context-support High Product jar package name spring Low Product jar package name spring Highest Product pom artifactid spring-context-support Highest Version pom version 1.0.5 Highest Version file version 1.0.5 High
spring-core-4.3.7.RELEASE.jarDescription:
Spring Core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/spring-core-4.3.7.RELEASE.jar
MD5: bfe2809bd044dc97cfca5db00e8ab1e4
SHA1: 54fa2db94cc7222edc90ec71354e47cd1dc07f7b
SHA256: fff510e18dbe8f3bb9eec0dcfd253615b820be9f15e51b788db2440b05384aaa
Evidence Type Source Name Value Confidence Vendor pom name Spring Core High Vendor hint analyzer vendor SpringSource Highest Vendor jar package name core Low Vendor pom groupid springframework Highest Vendor jar package name springframework Low Vendor pom url spring-projects/spring-framework Highest Vendor hint analyzer vendor vmware Highest Vendor central groupid org.springframework Highest Vendor pom organization url http://projects.spring.io/spring-framework Medium Vendor pom artifactid spring-core Low Vendor pom organization name Spring IO High Vendor hint analyzer vendor pivotal software Highest Vendor file name spring-core High Product pom name Spring Core High Product hint analyzer product springsource_spring_framework Highest Product pom organization url http://projects.spring.io/spring-framework Low Product pom organization name Spring IO Low Product pom url spring-projects/spring-framework High Product jar package name core Highest Product jar package name core Low Product pom groupid springframework Highest Product central artifactid spring-core Highest Product pom artifactid spring-core Highest Product file name spring-core High Product Manifest Implementation-Title spring-core High Version Manifest Implementation-Version 4.3.7.RELEASE High Version pom version 4.3.7.RELEASE Highest Version central version 4.3.7.RELEASE Highest
Related Dependencies Published Vulnerabilities CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1199 suppress
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1275 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-15756 suppress
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
spring-data-commons-1.13.1.RELEASE.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-data-commons-1.13.1.RELEASE.jarMD5: 376b1dce8f8530301ef1834d773138fcSHA1: 4e4257f2eb3f191613b4b000d43e8d0c3ff4457eSHA256: 4ec5af43f6b06d676916007d3a551862710c782309d1ded4e231c22479669d2d
Evidence Type Source Name Value Confidence Vendor pom artifactid spring-data-commons Low Vendor pom parent-artifactid spring-data-parent Low Vendor jar package name springframework Highest Vendor file name spring-data-commons High Vendor Manifest bundle-symbolicname org.springframework.data.core Medium Vendor pom parent-groupid org.springframework.data.build Medium Vendor jar package name core Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor pom groupid springframework.data Highest Vendor pom name Spring Data Core High Vendor jar package name data Highest Product pom parent-artifactid spring-data-parent Medium Product file name spring-data-commons High Product Manifest bundle-symbolicname org.springframework.data.core Medium Product pom parent-groupid org.springframework.data.build Medium Product jar package name core Highest Product pom artifactid spring-data-commons Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product pom name Spring Data Core High Product jar package name data Highest Product jar package name springframework Highest Product Manifest Bundle-Name spring-data-commons Medium Product pom groupid springframework.data Highest Version pom version 1.13.1.RELEASE Highest Version pom parent-version 1.13.1.RELEASE Low Version Manifest Bundle-Version 1.13.1.RELEASE High
Related Dependencies spring-data-commons-1.13.1.RELEASE.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/spring-data-commons-1.13.1.RELEASE.jar MD5: 376b1dce8f8530301ef1834d773138fc SHA1: 4e4257f2eb3f191613b4b000d43e8d0c3ff4457e SHA256: 4ec5af43f6b06d676916007d3a551862710c782309d1ded4e231c22479669d2d Published Vulnerabilities CVE-2018-1259 (OSSINDEX) suppress
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system. CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.data:spring-data-commons:1.13.1.RELEASE:*:*:*:*:*:*:* CVE-2018-1273 (OSSINDEX) suppress
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.data:spring-data-commons:1.13.1.RELEASE:*:*:*:*:*:*:* CVE-2018-1274 (OSSINDEX) suppress
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.data:spring-data-commons:1.13.1.RELEASE:*:*:*:*:*:*:* spring-data-keyvalue-1.2.1.RELEASE.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/spring-data-keyvalue-1.2.1.RELEASE.jarMD5: ec9c7b7f16b29929143b36955049b09fSHA1: 993c7ec323601450e0dd22f010de3e94f2b7ba56SHA256: 97b4de501fe866cbda7225e3540bc55213a28ac67dd6c8c6ce27cfcb680ea9d7
Evidence Type Source Name Value Confidence Vendor pom name Spring Data KeyValue High Vendor pom parent-artifactid spring-data-parent Low Vendor jar package name keyvalue Highest Vendor jar package name springframework Highest Vendor pom parent-groupid org.springframework.data.build Medium Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor pom groupid springframework.data Highest Vendor file name spring-data-keyvalue High Vendor Manifest bundle-symbolicname org.springframework.data.keyvalue Medium Vendor pom artifactid spring-data-keyvalue Low Vendor jar package name data Highest Product pom parent-artifactid spring-data-parent Medium Product pom parent-groupid org.springframework.data.build Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product file name spring-data-keyvalue High Product pom artifactid spring-data-keyvalue Highest Product Manifest bundle-symbolicname org.springframework.data.keyvalue Medium Product jar package name data Highest Product pom name Spring Data KeyValue High Product jar package name keyvalue Highest Product jar package name springframework Highest Product Manifest Bundle-Name spring-data-keyvalue Medium Product pom groupid springframework.data Highest Version Manifest Bundle-Version 1.2.1.RELEASE High Version pom parent-version 1.2.1.RELEASE Low Version pom version 1.2.1.RELEASE Highest
spring-data-redis-1.8.1.RELEASE.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/spring-data-redis-1.8.1.RELEASE.jarMD5: ba1dd3e69c202a9edafea038b1edaaedSHA1: a1bc2034d8b00090edb991f208d491e78d610457SHA256: bb62b27cf9246b49932ce340ec47252ad73746c3c18eba4e5e5df7329af41258
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.springframework.data.redis Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.6 Low Vendor pom parent-artifactid spring-data-parent Low Vendor file name spring-data-redis High Vendor jar package name springframework Highest Vendor pom parent-groupid org.springframework.data.build Medium Vendor pom artifactid spring-data-redis Low Vendor jar package name redis Highest Vendor pom name Spring Data Redis High Vendor pom groupid springframework.data Highest Vendor jar package name data Highest Product pom parent-artifactid spring-data-parent Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.6 Low Product file name spring-data-redis High Product pom parent-groupid org.springframework.data.build Medium Product pom name Spring Data Redis High Product Manifest Bundle-Name spring-data-redis Medium Product jar package name data Highest Product Manifest bundle-symbolicname org.springframework.data.redis Medium Product jar package name springframework Highest Product jar package name redis Highest Product pom groupid springframework.data Highest Product pom artifactid spring-data-redis Highest Version Manifest Bundle-Version 1.8.1.RELEASE High Version pom version 1.8.1.RELEASE Highest Version pom parent-version 1.8.1.RELEASE Low
spring-oxm-4.3.7.RELEASE.jarDescription:
Spring Object/XML Marshalling License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/spring-oxm-4.3.7.RELEASE.jar
MD5: c09466a060334515f04a0f82b42547f1
SHA1: 8919cafd01bba4c8dac4ec91f8c8f9060fa888d3
SHA256: c0d5d51ceaf46d7ebbdb6881434d90bb75b158fc673b8138dcc53e45bd399cbb
Evidence Type Source Name Value Confidence Vendor hint analyzer vendor SpringSource Highest Vendor jar package name oxm Low Vendor pom groupid springframework Highest Vendor jar package name springframework Low Vendor pom artifactid spring-oxm Low Vendor pom url spring-projects/spring-framework Highest Vendor hint analyzer vendor vmware Highest Vendor central groupid org.springframework Highest Vendor pom organization url http://projects.spring.io/spring-framework Medium Vendor file name spring-oxm High Vendor pom organization name Spring IO High Vendor hint analyzer vendor pivotal software Highest Vendor pom name Spring Object/XML Marshalling High Product hint analyzer product springsource_spring_framework Highest Product pom organization url http://projects.spring.io/spring-framework Low Product central artifactid spring-oxm Highest Product pom organization name Spring IO Low Product pom url spring-projects/spring-framework High Product jar package name oxm Low Product jar package name oxm Highest Product Manifest Implementation-Title spring-oxm High Product pom groupid springframework Highest Product pom artifactid spring-oxm Highest Product file name spring-oxm High Product pom name Spring Object/XML Marshalling High Version Manifest Implementation-Version 4.3.7.RELEASE High Version pom version 4.3.7.RELEASE Highest Version central version 4.3.7.RELEASE Highest
Related Dependencies spring-context-support-4.3.7.RELEASE.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/spring-context-support-4.3.7.RELEASE.jar MD5: 98859485f20654a4ad44e0a4d5998756 SHA1: 7e48f8daf207c06cf0229889a456073832359742 SHA256: 94149df88803b534d6d289b54366715e2c5e7d5302de93e2bb467d16b347208c pkg:maven/org.springframework/spring-context-support@4.3.7.RELEASE Published Vulnerabilities CVE-2018-11039 suppress
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11040 suppress
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1199 suppress
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1257 suppress
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1270 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1271 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1272 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (6.0) Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1275 suppress
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. CWE-358 Improperly Implemented Security Check for Standard
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-15756 suppress
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-5421 suppress
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. NVD-CWE-noinfo
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N References:
Vulnerable Software & Versions: (show all )
spring-plugin-core-1.2.0.RELEASE.jarDescription:
Core plugin infrastructure File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-plugin-core-1.2.0.RELEASE.jarMD5: 4e6325e5ed2c1aa1949313c184d83640SHA1: f380e7760032e7d929184f8ad8a33716b75c0657SHA256: de8d411556cccbb9a68a4b40f847e473593336412de86fb3f6f7f61f3923c09e
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.springframework.plugin Medium Vendor pom artifactid spring-plugin-core Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.6 Low Vendor jar package name springframework Highest Vendor pom parent-artifactid spring-plugin Low Vendor pom name Spring Plugin - Core High Vendor Manifest bundle-symbolicname spring-plugin-core Medium Vendor jar package name core Highest Vendor pom groupid springframework.plugin Highest Vendor jar package name plugin Highest Vendor file name spring-plugin-core High Product pom parent-artifactid spring-plugin Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.6 Low Product pom name Spring Plugin - Core High Product jar package name core Highest Product jar package name plugin Highest Product Manifest Bundle-Name spring-plugin-core Medium Product pom parent-groupid org.springframework.plugin Medium Product jar package name springframework Highest Product Manifest bundle-symbolicname spring-plugin-core Medium Product pom groupid springframework.plugin Highest Product pom artifactid spring-plugin-core Highest Product file name spring-plugin-core High Version Manifest Bundle-Version 1.2.0.RELEASE High Version pom version 1.2.0.RELEASE Highest
spring-plugin-metadata-1.2.0.RELEASE.jarDescription:
Extension package for metadata based plugins File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-plugin-metadata-1.2.0.RELEASE.jarMD5: 63a461c6e878b1a510f0bb5c58b7ade7SHA1: 97223fc496b6cab31602eedbd4202aa4fff0d44fSHA256: aa58a6e6d038553b6bfae03bd18cd985e4bfb37cb2fb6406551b87f57283b00a
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.springframework.plugin Medium Vendor pom artifactid spring-plugin-metadata Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.6 Low Vendor jar package name metadata Highest Vendor jar package name springframework Highest Vendor pom name Spring Plugin - Metadata Extension High Vendor pom parent-artifactid spring-plugin Low Vendor Manifest bundle-symbolicname spring-plugin-metadata Medium Vendor pom groupid springframework.plugin Highest Vendor jar package name plugin Highest Vendor file name spring-plugin-metadata High Product pom parent-artifactid spring-plugin Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.6 Low Product pom name Spring Plugin - Metadata Extension High Product jar package name plugin Highest Product Manifest Bundle-Name spring-plugin-metadata Medium Product pom parent-groupid org.springframework.plugin Medium Product jar package name metadata Highest Product jar package name springframework Highest Product pom artifactid spring-plugin-metadata Highest Product Manifest bundle-symbolicname spring-plugin-metadata Medium Product pom groupid springframework.plugin Highest Product file name spring-plugin-metadata High Version Manifest Bundle-Version 1.2.0.RELEASE High Version pom version 1.2.0.RELEASE Highest
spring-restdocs-core-1.1.2.RELEASE.jarDescription:
Spring REST Docs Core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-restdocs-core-1.1.2.RELEASE.jar
MD5: d5f3cb36478548b05ad0e68849af6cfe
SHA1: 61ba63f3ce3011e23951a69e0b8143ef13b6b12c
SHA256: c433de4a512ac2cfb90af767c76f8ff0e3f289b54a8ea5c585873574560439f0
Evidence Type Source Name Value Confidence Vendor pom organization url http://projects.spring.io/spring-restdocs Medium Vendor pom groupid springframework.restdocs Highest Vendor jar package name springframework Low Vendor pom url spring-projects/spring-restdocs Highest Vendor central groupid org.springframework.restdocs Highest Vendor pom artifactid spring-restdocs-core Low Vendor file name spring-restdocs-core High Vendor jar package name restdocs Low Vendor pom organization name Spring IO High Vendor pom name Spring REST Docs Core High Product pom groupid springframework.restdocs Highest Product pom artifactid spring-restdocs-core Highest Product pom organization name Spring IO Low Product file name spring-restdocs-core High Product jar package name restdocs Low Product pom url spring-projects/spring-restdocs High Product central artifactid spring-restdocs-core Highest Product pom organization url http://projects.spring.io/spring-restdocs Low Product pom name Spring REST Docs Core High Version central version 1.1.2.RELEASE Highest Version pom version 1.1.2.RELEASE Highest
spring-restdocs-mockmvc-1.1.2.RELEASE.jarDescription:
Spring REST Docs MockMvc License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/spring-restdocs-mockmvc-1.1.2.RELEASE.jar
MD5: 81ac13c98d6e077bdf66f0ba0b0c25ee
SHA1: c1bde872eab6e5cc0e037af386b1f21553cb06cf
SHA256: 7195b3c3c52cd5cec41e04316ae833c8e0d3093a9db6a8fa755bfbf669f8fc3c
Evidence Type Source Name Value Confidence Vendor pom organization url http://projects.spring.io/spring-restdocs Medium Vendor pom groupid springframework.restdocs Highest Vendor pom name Spring REST Docs MockMvc High Vendor jar package name springframework Low Vendor pom url spring-projects/spring-restdocs Highest Vendor pom artifactid spring-restdocs-mockmvc Low Vendor file name spring-restdocs-mockmvc High Vendor central groupid org.springframework.restdocs Highest Vendor jar package name restdocs Low Vendor pom organization name Spring IO High Vendor jar package name mockmvc Low Product pom groupid springframework.restdocs Highest Product central artifactid spring-restdocs-mockmvc Highest Product pom artifactid spring-restdocs-mockmvc Highest Product pom name Spring REST Docs MockMvc High Product pom organization name Spring IO Low Product file name spring-restdocs-mockmvc High Product jar package name restdocs Low Product pom url spring-projects/spring-restdocs High Product jar package name mockmvc Low Product pom organization url http://projects.spring.io/spring-restdocs Low Version central version 1.1.2.RELEASE Highest Version pom version 1.1.2.RELEASE Highest
spring-retry-1.2.0.RELEASE.jarDescription:
Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/spring-retry-1.2.0.RELEASE.jar
MD5: 045ebabdaf902bac8af8e8d83a236346
SHA1: 4e2b3ea37df07ef6fd905696f1aa5d50128c2782
SHA256: b3b8665be8894c21677598c9190d50df48742800deadc67bdd030ea7e69a8724
Evidence Type Source Name Value Confidence Vendor jar package name retry Highest Vendor file name spring-retry High Vendor pom artifactid spring-retry Low Vendor jar package name policy Highest Vendor pom url http://www.springsource.org Highest Vendor pom organization name SpringSource High Vendor pom groupid springframework.retry Highest Vendor pom name Spring Retry High Vendor pom organization url http://www.springsource.com Medium Vendor jar package name springframework Highest Vendor jar package name springframework Low Vendor jar package name backoff Highest Vendor jar package name retry Low Product pom organization url http://www.springsource.com Low Product pom url http://www.springsource.org Medium Product jar package name retry Highest Product file name spring-retry High Product jar package name policy Highest Product pom groupid springframework.retry Highest Product pom name Spring Retry High Product pom organization name SpringSource Low Product jar package name springframework Highest Product pom artifactid spring-retry Highest Product jar package name backoff Highest Product jar package name retry Low Version pom version 1.2.0.RELEASE Highest
spring-security-crypto-4.2.2.RELEASE.jarDescription:
spring-security-crypto License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/spring-security-crypto-4.2.2.RELEASE.jar
MD5: 778150c2ad2b2b857819de08568d10b5
SHA1: 713ae22bcef55ae21ca1967d7cb217a1efab5dbf
SHA256: 21051eb56dc16338a4fe9b5d61a2cf8dff5d51087e8020ecd152ed9b0f2bdc51
Evidence Type Source Name Value Confidence Vendor pom groupid springframework.security Highest Vendor pom url http://spring.io/spring-security Highest Vendor central groupid org.springframework.security Highest Vendor file name spring-security-crypto High Vendor Manifest can-redefine-classes true Low Vendor pom artifactid spring-security-crypto Low Vendor Manifest agent-class true Low Vendor Manifest can-set-native-method-prefix false Low Vendor jar package name crypto Low Vendor pom organization name spring.io High Vendor Manifest can-retransform-classes true Low Vendor jar package name springframework Low Vendor jar package name security Low Vendor Manifest premain-class true Low Vendor pom organization url http://spring.io/ Medium Vendor hint analyzer vendor pivotal software Highest Vendor pom name spring-security-crypto High Product pom groupid springframework.security Highest Product pom artifactid spring-security-crypto Highest Product file name spring-security-crypto High Product pom url http://spring.io/spring-security Medium Product Manifest can-redefine-classes true Low Product Manifest agent-class true Low Product Manifest can-set-native-method-prefix false Low Product jar package name crypto Low Product Manifest Implementation-Title spring-security-crypto High Product Manifest can-retransform-classes true Low Product jar package name security Low Product central artifactid spring-security-crypto Highest Product jar package name crypto Highest Product pom organization name spring.io Low Product pom organization url http://spring.io/ Low Product jar package name security Highest Product Manifest premain-class true Low Product pom name spring-security-crypto High Version pom version 4.2.2.RELEASE Highest Version central version 4.2.2.RELEASE Highest Version Manifest Implementation-Version 4.2.2.RELEASE High
Published Vulnerabilities CVE-2017-4995 suppress
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-1199 suppress
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1258 suppress
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CWE-863 Incorrect Authorization
CVSSv2:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-11272 suppress
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". CWE-522 Insufficiently Protected Credentials
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L References:
Vulnerable Software & Versions:
CVE-2019-3795 suppress
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. CWE-332 Insufficient Entropy in PRNG
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-5408 suppress
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. CWE-330 Use of Insufficiently Random Values
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
springfox-bean-validators-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-bean-validators-2.5.0.jar
MD5: febfcd49f1b2654c7dd329c3aad902d7
SHA1: da1d452831cca4a75c7343cfa4f2a699a3861375
SHA256: 91eff1b77957d9a9c8b22b7aacbdcb3a7a28f215143ea8d411040d792ba8dbf1
Evidence Type Source Name Value Confidence Vendor Manifest build-time 2016-06-06T19:03:48-0500 Low Vendor jar package name springfox Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor pom artifactid springfox-bean-validators Low Vendor jar package name validators Low Vendor file name springfox-bean-validators High Vendor jar package name bean Low Vendor central groupid io.springfox Highest Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor pom name springfox-bean-validators High Vendor pom groupid io.springfox Highest Product pom url springfox/springfox High Product jar package name springfox Highest Product Manifest build-time 2016-06-06T19:03:48-0500 Low Product jar package name bean Highest Product jar package name plugins Low Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product central artifactid springfox-bean-validators Highest Product pom artifactid springfox-bean-validators Highest Product jar package name validators Low Product file name springfox-bean-validators High Product Manifest Implementation-Title springfox-bean-validators High Product jar package name validators Highest Product jar package name bean Low Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product pom name springfox-bean-validators High Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-core-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-core-2.5.0.jar
MD5: aeb8465ba7e601c373648a59a5f33afa
SHA1: 5b2310cd6b2cf584b81a14edf12e522abc966255
SHA256: 8a5bdc19f95a7e0aa4942b67e08b9fa456da1d2817da67750de8301f1e9c4088
Evidence Type Source Name Value Confidence Vendor pom artifactid springfox-core Low Vendor central groupid io.springfox Highest Vendor pom name springfox-core High Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:48-0500 Low Vendor jar package name springfox Low Vendor file name springfox-core High Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor pom groupid io.springfox Highest Product Manifest Implementation-Title springfox-core High Product pom url springfox/springfox High Product jar package name springfox Highest Product Manifest build-time 2016-06-06T19:03:48-0500 Low Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product pom name springfox-core High Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product central artifactid springfox-core Highest Product file name springfox-core High Product pom artifactid springfox-core Highest Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-schema-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-schema-2.5.0.jar
MD5: fe413997108f58ceccb3eb2daeafb41c
SHA1: 2716c322aff0cf2684715b6022f1edb7dacb8f67
SHA256: 10a84e784bbd0f917a8346d58b9c7ea5e8fc89cc7027a89c4d62c9f5bc95b265
Evidence Type Source Name Value Confidence Vendor file name springfox-schema High Vendor jar package name schema Low Vendor jar package name springfox Low Vendor pom artifactid springfox-schema Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor central groupid io.springfox Highest Vendor pom name springfox-schema High Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor pom groupid io.springfox Highest Product file name springfox-schema High Product pom url springfox/springfox High Product jar package name springfox Highest Product jar package name schema Low Product Manifest Implementation-Title springfox-schema High Product pom artifactid springfox-schema Highest Product jar package name property Low Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product pom name springfox-schema High Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product central artifactid springfox-schema Highest Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product jar package name schema Highest Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-spi-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-spi-2.5.0.jar
MD5: 11d4862c8fb4b37af73ba2c3aa3b909c
SHA1: 1b439a0b05feee1e1af8ca35c0d35b38096f7601
SHA256: 08a3e20ca1690ef4e871f0af3aab083d7290b2bd2500a1f83ccff129f9c23e59
Evidence Type Source Name Value Confidence Vendor file name springfox-spi High Vendor jar package name spi Low Vendor jar package name springfox Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor pom artifactid springfox-spi Low Vendor central groupid io.springfox Highest Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor pom groupid io.springfox Highest Vendor pom name springfox-spi High Product pom url springfox/springfox High Product file name springfox-spi High Product jar package name service Low Product jar package name springfox Highest Product jar package name spi Low Product Manifest Implementation-Title springfox-spi High Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product pom artifactid springfox-spi Highest Product central artifactid springfox-spi Highest Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product jar package name spi Highest Product pom groupid io.springfox Highest Product pom name springfox-spi High Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-spring-web-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-spring-web-2.5.0.jar
MD5: 491d6b3574e77100f98d58d21602e736
SHA1: 88adc4f0c85b06a9f47222ab68c6230a24d08ee0
SHA256: 6a4d5b8684559c72138395a777597c543f984207c5e22734b714b940084f2c94
Evidence Type Source Name Value Confidence Vendor jar package name spring Low Vendor jar package name springfox Low Vendor pom name springfox-spring-web High Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor pom artifactid springfox-spring-web Low Vendor file name springfox-spring-web High Vendor central groupid io.springfox Highest Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor pom groupid io.springfox Highest Product pom url springfox/springfox High Product jar package name web Highest Product jar package name springfox Highest Product jar package name spring Low Product pom name springfox-spring-web High Product jar package name web Low Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product file name springfox-spring-web High Product Manifest Implementation-Title springfox-spring-web High Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product central artifactid springfox-spring-web Highest Product pom artifactid springfox-spring-web Highest Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-staticdocs-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-staticdocs-2.5.0.jar
MD5: b3b7a07fa38928210f63dac1ccc50571
SHA1: e500bfa4ed9935924e4c98cdf87b41bdef7870ac
SHA256: 67a4b545474fa43d338972e003fec345376500dbbd3c301ae2f416cd52be5661
Evidence Type Source Name Value Confidence Vendor jar package name springfox Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor jar package name staticdocs Low Vendor pom name springfox-staticdocs High Vendor central groupid io.springfox Highest Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor file name springfox-staticdocs High Vendor pom artifactid springfox-staticdocs Low Vendor pom groupid io.springfox Highest Product pom url springfox/springfox High Product jar package name springfox Highest Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product jar package name staticdocs Low Product jar package name staticdocs Highest Product pom name springfox-staticdocs High Product Manifest Implementation-Title springfox-staticdocs High Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product central artifactid springfox-staticdocs Highest Product pom artifactid springfox-staticdocs Highest Product file name springfox-staticdocs High Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-swagger-common-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-common-2.5.0.jar
MD5: 455ab0ff2193d7691e4b5efc5c2f81fb
SHA1: 817f6b5cf4ee5304b762f57ab85d2d1a2ea1f32a
SHA256: 4dfcc95f666c7f6c060137dc47fc1881dcd2e78b86ec8b4d5fc9bb37082d8ade
Evidence Type Source Name Value Confidence Vendor pom name springfox-swagger-common High Vendor jar package name springfox Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor file name springfox-swagger-common High Vendor pom artifactid springfox-swagger-common Low Vendor central groupid io.springfox Highest Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor jar package name swagger Low Vendor pom groupid io.springfox Highest Product pom name springfox-swagger-common High Product pom url springfox/springfox High Product jar package name springfox Highest Product central artifactid springfox-swagger-common Highest Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product Manifest Implementation-Title springfox-swagger-common High Product file name springfox-swagger-common High Product pom artifactid springfox-swagger-common Highest Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product jar package name swagger Highest Product jar package name swagger Low Product jar package name common Highest Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-swagger-ui-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar
MD5: 298487c0b1ac1bea4acdd8c6b0ad0fe1
SHA1: 6f7838c1d208edb5c3de2bce2232969623dac88b
SHA256: 127d82cd97e53d470d351b96e9f28aea6cf3c08c8518fb939578d691c6a05833
Evidence Type Source Name Value Confidence Vendor pom artifactid springfox-swagger-ui Low Vendor central groupid io.springfox Highest Vendor pom name springfox-swagger-ui High Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor file name springfox-swagger-ui High Vendor pom groupid io.springfox Highest Product Manifest Implementation-Title springfox-swagger-ui High Product pom url springfox/springfox High Product pom name springfox-swagger-ui High Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product central artifactid springfox-swagger-ui Highest Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product file name springfox-swagger-ui High Product pom groupid io.springfox Highest Product pom artifactid springfox-swagger-ui Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
springfox-swagger-ui-2.5.0.jar: backbone-min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/backbone-min.jsMD5: 3aa65f4d5feaf64d0bf0083e2a018ba3SHA1: 7afbb3f29409bc043251d27c213b11bc42c4ebd8SHA256: 67dc299a9549deb93ce4626f21c2cb06c9d9950992de2fb2402abc77e0e30dc9
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: en.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/en.jsMD5: abff222dc970385e4691fd5bb4abb58dSHA1: 6e834c84a7706ebb96957f9e3b2a6e1bf48f3a5aSHA256: 06cf61a6e0e9b6ee19cec6b16a2c30119a831c824acb4f6ca2675ec747cc3b26
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: es.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/es.jsMD5: 87c7dd16425207f85a46b0f353023a81SHA1: 5c95dbec5315b494d45537558b9428200f670399SHA256: bae5cc856a227f67c71b2d60583a9a9f1e3124f9907b194fc99f79e61f56c921
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: fr.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/fr.jsMD5: a09e955cae662a2106b77685a898033bSHA1: 97e9a2773c4160d568265bb8066bf20d1e5e13a1SHA256: 33c6569cbdd9d4b2bc172c53757d6775fa30554d3d1adfdcd24b4b83e96809ae
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: handlebars-2.0.0.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/handlebars-2.0.0.jsMD5: 501c421a9bc201f50c76c8d28af0cb36SHA1: f25d39dc72774e392d55d98dd1d1285b1e213809SHA256: 7cb481a09730ac4f570ec37702f2fa70ce197bec81100565c6817eb13666a796
Evidence Type Source Name Value Confidence Vendor file name handlebars High Product file name handlebars High Version file version 2.0.0 High
Published Vulnerabilities Disallow calling helperMissing and blockHelperMissing directly (RETIREJS) suppress
Disallow calling helperMissing and blockHelperMissing directly Unscored:
References:
Prototype pollution (RETIREJS) suppress
Prototype pollution Unscored:
References:
Quoteless attributes in templates can lead to XSS (RETIREJS) suppress
Quoteless attributes in templates can lead to XSS Unscored:
References:
springfox-swagger-ui-2.5.0.jar: highlight.7.3.pack.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/highlight.7.3.pack.jsMD5: 1faadb031ba98569ab3e854b64b2db06SHA1: 3e43686bd2b3ced379ee47f07d5c03a3a97d9827SHA256: 8ac611530446e502594abee6cedf1406f60c59b373e2482f8898211e766ca18d
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: it.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/it.jsMD5: 7f30ec6957dcf6d657e7b47ceba0f479SHA1: 62336364e5c631d0e10ad931ecffe826edba48a6SHA256: 0ef3a9d1c5e45f675ebf36006e591e921cc5b446c9d7266584ad67209d2beeec
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: ja.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/ja.jsMD5: 3fe74190f8406d60b044a838b4744933SHA1: 0c5c25aa804abf00869c97f8c68c72c5365aad0aSHA256: e2c439d3e34458c5057699eed719b8a4bd4234cffca28f15ab24f3b0e1644d5c
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: jquery-1.8.0.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/jquery-1.8.0.min.jsMD5: 3a728460147fb9af7faf0e587b9fbf42SHA1: f3a55f44fb81cf8ee908a3872841f70d6548f8c1SHA256: 8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.8.0.min High
Published Vulnerabilities CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 springfox-swagger-ui-2.5.0.jar: jquery.ba-bbq.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/jquery.ba-bbq.min.jsMD5: 07c72646c76932834219ef6827451df3SHA1: 42a48a21f1cfe2e38c2d7983c3120fa3c4fbad04SHA256: 4390c59a398ab1d124b5daa588728b1f05dede144555b4b29706363eaa000bef
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: jquery.slideto.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/jquery.slideto.min.jsMD5: 0860d2328e5a333731cf95de440f4356SHA1: b849bafad46251cbced13d4b501694dd21bd7464SHA256: 4ac55a3315abf9efaddf5c91723409a73e4b3c1b070199a1cd2e1f20db687e48
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: jquery.wiggle.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/jquery.wiggle.min.jsMD5: 7438b3ef10b182042dfa722f99ef2574SHA1: 8fdf6f42eb6e3fad77ea4be4eb39046538ad8253SHA256: 624a5b6c44f072fc01c12a66b8daf9c0b0d191569077f6c10fa7d3d83fe0c8f3
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: jsoneditor.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/jsoneditor.min.jsMD5: d4e890d92f40df14dbe4ed373a99b72aSHA1: 53fb97f2e049c6df8779150d1a03d77af167a442SHA256: 4c3771ac9aea4d65042f677ad5d9d83201e7c2b711d705e2a064229ec05511f4
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: marked.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/marked.jsMD5: 314b30dbc1b056c36d790e5b23fa4283SHA1: 28c90613a2ba4cfb8b8220b9c94e6ba2936309ddSHA256: a842d3f3b6545e025497f2287ed159507518379f1c6525bf15f3de0357aa1797
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: pl.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/pl.jsMD5: 389b5ed50d756a6d72ab0c59aa2d174aSHA1: 8d940a76b6d703d85fcd1a21680ef574ddd4023aSHA256: b6853a3d820dfb1831b95950479fdd8c5d8cabbb5faa7ae710878d6c047c31fc
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: pt.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/pt.jsMD5: 728b749a4eeaf63cb35a175ce4fc4dd2SHA1: 567a0bcb625d51bb0d7335589a63b57cc8d1feddSHA256: f52067367cd70203e726b6f2c957dfdafd3f3eb1821e973867c93b70abe003b1
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: ru.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/ru.jsMD5: a1e954e6c00d0df21f4f99463e87424fSHA1: 970b8e7dd9c2ee5d12cccd9b1b5a2b56b911f7c2SHA256: 902577d6a9edece7ffcda6a63c4283faf649dd947b519c4659cfe35dbad8e809
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: springfox.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/springfox.jsMD5: de218e8da665ca4e753dbe43dc7cddb7SHA1: 2fb21782abd3980761f31010209aaceb56d60431SHA256: 866dc1b7631f0d576546768ce099201fbbd8e771cd603ac04cf2977f51a28cd4
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: swagger-oauth.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/swagger-oauth.jsMD5: 6a45dbfe7ea1fb69face094ec047d4baSHA1: 2fc12af5b6ef80b1a15309846da19666a79904b5SHA256: 371abdde4d67efaa8f6f566fb77f57c3bf12796e44c19cc934898e37932a22a8
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: swagger-ui.min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/swagger-ui.min.jsMD5: d83cabba2a5b98948da0e927aaa1d8aeSHA1: 036017e04301d223ae955aec1978ded5139798eeSHA256: ceadb3d6acb6cd681f1b2975d08f83d9e07e6c0e59a3b9943cfd45219f0c9026
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: tr.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/tr.jsMD5: 755acffd181528cd33d83585b07f8d55SHA1: 5b854a3e6efd168830b182306531c02a288329a6SHA256: 2c1f42a57860ecf8e70e2a5706748131940eb43b730d72913053ffaa2c511993
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: translator.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/translator.jsMD5: 41f73296d6057069ffcdc44e072bd06cSHA1: a2e3ab15c2ebac12ca88db561be990c3664e39f0SHA256: 3c3d409d64155c4eaf090225dd726d279a7ccf2a7c039462573490184ec915a1
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: underscore-min.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lib/underscore-min.jsMD5: 137af05d496f59d468d1ffbce32f375dSHA1: fb26909af4ad2a6c240b9aa4b35bb983cf4b20e4SHA256: 7b6fbd8af1c538408f2fe7eef5f6c52b85db12ab91b63277287e5e9ea83a4931
Evidence Type Source Name Value Confidence
springfox-swagger-ui-2.5.0.jar: zh-cn.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger-ui-2.5.0.jar/META-INF/resources/webjars/springfox-swagger-ui/lang/zh-cn.jsMD5: bd6bf4ffb7b327be8976e5df36d4db6bSHA1: d6c562c4856d2eac83576567cb062536d6e8c9c5SHA256: 4633c1760afe2d1ff272d0427fc8b1c8a294fb38d28f3d49f1eecc4ffc4c91f9
Evidence Type Source Name Value Confidence
springfox-swagger2-2.5.0.jarDescription:
JSON API documentation for spring based applications License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/springfox-swagger2-2.5.0.jar
MD5: c7f2a1fae5d3982d46b7a67ad89f1d51
SHA1: b5f50caa259409ef25930d00c3cd48ba44afb97a
SHA256: dc3dccee8979626b7a36163a146182a6b89c75ecfe6d6d3fd79867f724e38d93
Evidence Type Source Name Value Confidence Vendor pom artifactid springfox-swagger2 Low Vendor file name springfox-swagger2 High Vendor jar package name springfox Low Vendor jar package name swagger2 Low Vendor Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Vendor jar package name documentation Low Vendor pom name springfox-swagger2 High Vendor central groupid io.springfox Highest Vendor pom url springfox/springfox Highest Vendor Manifest built-with gradle-2.13, groovy-2.4.4 Low Vendor Manifest build-time 2016-06-06T19:03:49-0500 Low Vendor pom groupid io.springfox Highest Product pom url springfox/springfox High Product file name springfox-swagger2 High Product jar package name springfox Highest Product Manifest Implementation-Title springfox-swagger2 High Product central artifactid springfox-swagger2 Highest Product jar package name swagger2 Low Product pom artifactid springfox-swagger2 Highest Product Manifest built-on ISDV161716L.fios-router.home/192.168.1.163 Low Product jar package name documentation Low Product pom name springfox-swagger2 High Product jar package name swagger2 Highest Product Manifest built-with gradle-2.13, groovy-2.4.4 Low Product Manifest build-time 2016-06-06T19:03:49-0500 Low Product jar package name mappers Low Product pom groupid io.springfox Highest Version Manifest Implementation-Version 2.5.0 High Version file version 2.5.0 High Version central version 2.5.0 Highest Version pom version 2.5.0 Highest
swagger-annotations-1.5.9.jarLicense:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/swagger-annotations-1.5.9.jar
MD5: 6f047e8c85031002929d59690ed6f6ef
SHA1: 0598403e3d21da08f8e46efb9f2b6d7b1bc0046d
SHA256: 53f422e10442bfade487cbd18bceef4fae17b2ac74e342f7ed427640b1c57020
Evidence Type Source Name Value Confidence Vendor file name swagger-annotations High Vendor Manifest bundle-symbolicname io.swagger.annotations Medium Vendor jar package name io Highest Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Vendor pom groupid io.swagger Highest Vendor Manifest mode development Low Vendor jar package name swagger Highest Vendor pom artifactid swagger-annotations Low Vendor pom parent-artifactid swagger-project Low Vendor jar package name annotations Highest Vendor pom name swagger-annotations High Product Manifest Bundle-Name swagger-annotations Medium Product Manifest bundle-symbolicname io.swagger.annotations Medium Product pom groupid io.swagger Highest Product pom name swagger-annotations High Product file name swagger-annotations High Product jar package name api Highest Product jar package name io Highest Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Product pom parent-artifactid swagger-project Medium Product Manifest mode development Low Product jar package name swagger Highest Product pom artifactid swagger-annotations Highest Product jar package name annotations Highest Version pom version 1.5.9 Highest Version file version 1.5.9 High Version Manifest Bundle-Version 1.5.9 High Version Manifest implementation-version 1.5.9 High
swagger-core-1.5.4.jarLicense:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/swagger-core-1.5.4.jar
MD5: d2078703a0b4648fcdc5f3e59254c1d4
SHA1: 0ed9d5cb44f888fa34c9071afbf8d0916f2dfb7e
SHA256: 38ca1dd588e00d21309bfd35efe10baf64ed9f7920e05ecec2bb12e51281d071
Evidence Type Source Name Value Confidence Vendor pom name swagger-core High Vendor jar package name io Highest Vendor jar package name core Highest Vendor pom groupid io.swagger Highest Vendor Manifest mode development Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low Vendor jar package name swagger Highest Vendor pom parent-artifactid swagger-project Low Vendor file name swagger-core High Vendor Manifest bundle-symbolicname io.swagger.core Medium Vendor pom artifactid swagger-core Low Product jar package name core Highest Product pom groupid io.swagger Highest Product pom artifactid swagger-core Highest Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low Product file name swagger-core High Product Manifest bundle-symbolicname io.swagger.core Medium Product pom name swagger-core High Product jar package name io Highest Product Manifest Bundle-Name swagger-core Medium Product pom parent-artifactid swagger-project Medium Product Manifest mode development Low Product jar package name swagger Highest Version Manifest Bundle-Version 1.5.4 High Version Manifest implementation-version 1.5.4 High Version pom version 1.5.4 Highest Version file version 1.5.4 High
swagger-models-1.5.9.jarLicense:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/swagger-models-1.5.9.jar
MD5: 8a7ab881debb167ddf6c29d7ea5741ee
SHA1: 7cc6e2b63619d826f9da4203630ab7add866a473
SHA256: 4d6f020cdbbbe92068fe254def0b5cd1221402ab84ee03c915ec5f854358d56d
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname io.swagger.models Medium Vendor jar package name models Highest Vendor jar package name io Highest Vendor pom name swagger-models High Vendor pom groupid io.swagger Highest Vendor Manifest mode development Low Vendor pom artifactid swagger-models Low Vendor file name swagger-models High Vendor jar package name swagger Highest Vendor pom parent-artifactid swagger-project Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low Product jar package name models Highest Product pom artifactid swagger-models Highest Product pom groupid io.swagger Highest Product file name swagger-models High Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low Product Manifest bundle-symbolicname io.swagger.models Medium Product jar package name io Highest Product pom name swagger-models High Product pom parent-artifactid swagger-project Medium Product Manifest mode development Low Product jar package name swagger Highest Product Manifest Bundle-Name swagger-models Medium Version pom version 1.5.9 Highest Version file version 1.5.9 High Version Manifest Bundle-Version 1.5.9 High Version Manifest implementation-version 1.5.9 High
swagger-parser-1.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/swagger-parser-1.0.13.jarMD5: def76a2139183415c930eda726557169SHA1: 1de172858472bd00f529904f2dea07df2a795b31SHA256: e03a8c8e70262fd5bf9e1a4a92c1d58c0e25a33086582e3c6d517d8689f866fa
Evidence Type Source Name Value Confidence Vendor file name swagger-parser High Vendor jar package name io Highest Vendor pom parent-artifactid swagger-parser-project Low Vendor pom groupid io.swagger Highest Vendor Manifest mode development Low Vendor jar package name parser Highest Vendor jar package name swagger Highest Vendor pom artifactid swagger-parser Low Vendor Manifest url http://nexus.sonatype.org/oss-repository-hosting.html/swagger-parser-project/modules/swagger-parser Low Vendor pom name swagger-parser High Product file name swagger-parser High Product jar package name io Highest Product pom parent-artifactid swagger-parser-project Medium Product pom groupid io.swagger Highest Product Manifest mode development Low Product jar package name parser Highest Product pom artifactid swagger-parser Highest Product jar package name swagger Highest Product Manifest url http://nexus.sonatype.org/oss-repository-hosting.html/swagger-parser-project/modules/swagger-parser Low Product pom name swagger-parser High Version file version 1.0.13 High Version pom version 1.0.13 Highest Version Manifest implementation-version 1.0.13 High
Related Dependencies swagger-compat-spec-parser-1.0.13.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/swagger-compat-spec-parser-1.0.13.jar MD5: 0cf3c319fadaf3971274f75a99bf622d SHA1: 52a61fa30ed96b95f8c2eb1cd0a88149fce28133 SHA256: 545902cc410dd690f289ebfb09e79b88cc2b4d24a6f45f417dafe0594cdd1035 pkg:maven/io.swagger/swagger-compat-spec-parser@1.0.13 Published Vulnerabilities CVE-2017-1000207 suppress
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2017-1000208 suppress
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
swagger2markup-0.9.2.jarDescription:
A Swagger to Markup (AsciiDoc and Markdown) converter. License:
Apache-2.0: https://github.com/Swagger2Markup/swagger2markup/blob/master/LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/swagger2markup-0.9.2.jar
MD5: a8f5544849fd1838bbae7a537738db80
SHA1: 1828032b952ccd1fbd525ac0a46cfcc15e0176f7
SHA256: b6b7fb5687e507deb22ed843ce00869a41000d143075b69f7f5c40774be98a76
Evidence Type Source Name Value Confidence Vendor Manifest build-date 2016-01-05 Low Vendor pom url Swagger2Markup/swagger2markup Highest Vendor Manifest build-time 14:35:23.737+0100 Low Vendor jar package name github Low Vendor pom artifactid swagger2markup Low Vendor jar package name robwin Low Vendor file name swagger2markup High Vendor central groupid io.github.robwin Highest Vendor pom name swagger2markup High Vendor pom groupid io.github.robwin Highest Vendor jar package name io Low Product Manifest Implementation-Title swagger2markup High Product jar package name github Low Product Manifest specification-title swagger2markup Medium Product central artifactid swagger2markup Highest Product pom name swagger2markup High Product pom groupid io.github.robwin Highest Product Manifest build-date 2016-01-05 Low Product Manifest build-time 14:35:23.737+0100 Low Product jar package name robwin Low Product pom artifactid swagger2markup Highest Product file name swagger2markup High Product jar package name swagger2markup Low Product jar package name swagger2markup Highest Product pom url Swagger2Markup/swagger2markup High Version Manifest Implementation-Version 0.9.2 High Version file version 0.9.2 High Version central version 0.9.2 Highest Version pom version 0.9.2 Highest
t-digest-3.0.jarDescription:
Data structure which allows accurate estimation of quantiles and related rank statistics License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/t-digest-3.0.jar
MD5: e7ede835f73c70cc662ca4d241250f1a
SHA1: 84ccf145ac2215e6bfa63baa3101c0af41017cfc
SHA256: 5271fc25f94c01fa7a0e30a522118705bf3db7441a0b9636e5122b05a3d9c35d
Evidence Type Source Name Value Confidence Vendor jar package name tdunning Low Vendor pom url tdunning/t-digest Highest Vendor jar package name stats Low Vendor jar package name tdunning Highest Vendor pom artifactid t-digest Low Vendor pom name T-Digest High Vendor pom groupid tdunning Highest Vendor file name t-digest High Vendor jar package name math Low Product pom artifactid t-digest Highest Product jar package name stats Low Product jar package name tdunning Highest Product pom name T-Digest High Product pom groupid tdunning Highest Product file name t-digest High Product pom url tdunning/t-digest High Product jar package name math Low Version pom version 3.0 Highest Version file version 3.0 High
Related Dependencies t-digest-3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/t-digest-3.0.jar MD5: e7ede835f73c70cc662ca4d241250f1a SHA1: 84ccf145ac2215e6bfa63baa3101c0af41017cfc SHA256: 5271fc25f94c01fa7a0e30a522118705bf3db7441a0b9636e5122b05a3d9c35d t-digest-3.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/t-digest-3.0.jar MD5: e7ede835f73c70cc662ca4d241250f1a SHA1: 84ccf145ac2215e6bfa63baa3101c0af41017cfc SHA256: 5271fc25f94c01fa7a0e30a522118705bf3db7441a0b9636e5122b05a3d9c35d tomcat-embed-core-8.5.11.jarDescription:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/tomcat-embed-core-8.5.11.jar
MD5: dbaf0cf045f317f6c934cd34d23941e8
SHA1: 72761f51fc7cef3ee19d4aafc7adc605df9f611f
SHA256: e88bebb48bc541f79d114bb00b2e7bac024ad1723b2c32220655518880089555
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom artifactid tomcat-embed-core Low Vendor pom groupid apache.tomcat.embed Highest Vendor pom url http://tomcat.apache.org/ Highest Vendor file name tomcat-embed-core High Vendor jar package name apache Low Vendor central groupid org.apache.tomcat.embed Highest Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name apache Highest Product Manifest specification-title Apache Tomcat Medium Product pom groupid apache.tomcat.embed Highest Product file name tomcat-embed-core High Product jar package name tomcat Highest Product Manifest Implementation-Title Apache Tomcat High Product central artifactid tomcat-embed-core Highest Product jar package name apache Highest Product pom artifactid tomcat-embed-core Highest Product pom url http://tomcat.apache.org/ Medium Version pom version 8.5.11 Highest Version central version 8.5.11 Highest Version file version 8.5.11 High Version Manifest Implementation-Version 8.5.11 High
Related Dependencies Published Vulnerabilities CVE-2017-12617 suppress
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. CWE-434 Unrestricted Upload of File with Dangerous Type
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2017-5647 suppress
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-5648 suppress
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: MEDIUM (6.4) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: CRITICAL (9.1) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-5650 suppress
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. CWE-404 Improper Resource Shutdown or Release
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2017-5651 suppress
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. NVD-CWE-noinfo
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2017-5664 suppress
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. CWE-755 Improper Handling of Exceptional Conditions
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-7674 suppress
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. CWE-345 Insufficient Verification of Data Authenticity
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2017-7675 suppress
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-11784 suppress
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1304 suppress
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1305 suppress
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-1336 suppress
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-8014 suppress
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. CWE-1188
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2018-8034 suppress
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2018-8037 suppress
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-0199 suppress
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-0221 suppress
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2019-0232 suppress
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/). CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv2:
Base Score: HIGH (9.3) Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-10072 suppress
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. CWE-667 Improper Locking
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-12418 suppress
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CWE-522 Insufficiently Protected Credentials
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-17563 suppress
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. CWE-384 Session Fixation
CVSSv2:
Base Score: MEDIUM (5.1) Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-11996 suppress
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13934 suppress
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13935 suppress
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-13943 suppress
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1935 suppress
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.8) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-1938 suppress
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-8022 suppress
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. CWE-276 Incorrect Default Permissions
CVSSv2:
Base Score: HIGH (7.2) Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (8.4) Vector: /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2020-9484 suppress
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
tomcat-embed-el-8.5.11.jarDescription:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/tomcat-embed-el-8.5.11.jar
MD5: a0219ec6183ec52f79aa24cb341b822f
SHA1: 60253815b897166903bf5ec41219c5bb15333a69
SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom groupid apache.tomcat.embed Highest Vendor pom url http://tomcat.apache.org/ Highest Vendor jar package name apache Low Vendor central groupid org.apache.tomcat.embed Highest Vendor file name tomcat-embed-el High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name el Low Vendor pom artifactid tomcat-embed-el Low Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-embed-el Highest Product pom groupid apache.tomcat.embed Highest Product file name tomcat-embed-el High Product Manifest Implementation-Title Apache Tomcat High Product jar package name apache Highest Product jar package name el Low Product pom url http://tomcat.apache.org/ Medium Product central artifactid tomcat-embed-el Highest Version pom version 8.5.11 Highest Version central version 8.5.11 Highest Version file version 8.5.11 High Version Manifest Implementation-Version 8.5.11 High
Related Dependencies tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-embed-el-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/tomcat-embed-el-8.5.11.jar MD5: a0219ec6183ec52f79aa24cb341b822f SHA1: 60253815b897166903bf5ec41219c5bb15333a69 SHA256: 14f8746e75ac9b81a4c70c2bd81f00822f75953565b54988f323f2eb0c683bef tomcat-juli-8.5.11.jarDescription:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/tomcat-juli-8.5.11.jar
MD5: fea6f5dd1fe9cc963af3b291c6e0ac43
SHA1: fa0b261ce002175b65ebb6ae8eb4345cb7e57da3
SHA256: 73373479452945054d110cc6c987898bfa6ad6a20f8709018b94bf888a51705c
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor central groupid org.apache.tomcat Highest Vendor pom url http://tomcat.apache.org/ Highest Vendor file name tomcat-juli High Vendor pom groupid apache.tomcat Highest Vendor jar package name apache Low Vendor jar package name juli Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom artifactid tomcat-juli Low Product Manifest specification-title Apache Tomcat Medium Product file name tomcat-juli High Product pom artifactid tomcat-juli Highest Product pom groupid apache.tomcat Highest Product central artifactid tomcat-juli Highest Product Manifest Implementation-Title Apache Tomcat High Product jar package name juli Low Product jar package name apache Highest Product pom url http://tomcat.apache.org/ Medium Version pom version 8.5.11 Highest Version central version 8.5.11 Highest Version file version 8.5.11 High Version Manifest Implementation-Version 8.5.11 High
Related Dependencies tomcat-juli-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/tomcat-juli-8.5.11.jar MD5: fea6f5dd1fe9cc963af3b291c6e0ac43 SHA1: fa0b261ce002175b65ebb6ae8eb4345cb7e57da3 SHA256: 73373479452945054d110cc6c987898bfa6ad6a20f8709018b94bf888a51705c tomcat-juli-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/tomcat-juli-8.5.11.jar MD5: fea6f5dd1fe9cc963af3b291c6e0ac43 SHA1: fa0b261ce002175b65ebb6ae8eb4345cb7e57da3 SHA256: 73373479452945054d110cc6c987898bfa6ad6a20f8709018b94bf888a51705c tomcat-juli-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/tomcat-juli-8.5.11.jar MD5: fea6f5dd1fe9cc963af3b291c6e0ac43 SHA1: fa0b261ce002175b65ebb6ae8eb4345cb7e57da3 SHA256: 73373479452945054d110cc6c987898bfa6ad6a20f8709018b94bf888a51705c tomcat-jdbc-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/tomcat-jdbc-8.5.11.jar MD5: 165e44fdbde8611489fbe8fe99e68ba6 SHA1: 4d156969f12963b5f9232e9fe68ab710c3318ad5 SHA256: e00a12173f6ef2015069cf37d214df3a1bcb958e7d6b6c0d76f19a1951d605ed tomcat-jdbc-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/tomcat-jdbc-8.5.11.jar MD5: 165e44fdbde8611489fbe8fe99e68ba6 SHA1: 4d156969f12963b5f9232e9fe68ab710c3318ad5 SHA256: e00a12173f6ef2015069cf37d214df3a1bcb958e7d6b6c0d76f19a1951d605ed tomcat-jdbc-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/tomcat-jdbc-8.5.11.jar MD5: 165e44fdbde8611489fbe8fe99e68ba6 SHA1: 4d156969f12963b5f9232e9fe68ab710c3318ad5 SHA256: e00a12173f6ef2015069cf37d214df3a1bcb958e7d6b6c0d76f19a1951d605ed tomcat-jdbc-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/tomcat-jdbc-8.5.11.jar MD5: 165e44fdbde8611489fbe8fe99e68ba6 SHA1: 4d156969f12963b5f9232e9fe68ab710c3318ad5 SHA256: e00a12173f6ef2015069cf37d214df3a1bcb958e7d6b6c0d76f19a1951d605ed tomcat-juli-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tomcat-juli-8.5.11.jar MD5: fea6f5dd1fe9cc963af3b291c6e0ac43 SHA1: fa0b261ce002175b65ebb6ae8eb4345cb7e57da3 SHA256: 73373479452945054d110cc6c987898bfa6ad6a20f8709018b94bf888a51705c tomcat-jdbc-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tomcat-jdbc-8.5.11.jar MD5: 165e44fdbde8611489fbe8fe99e68ba6 SHA1: 4d156969f12963b5f9232e9fe68ab710c3318ad5 SHA256: e00a12173f6ef2015069cf37d214df3a1bcb958e7d6b6c0d76f19a1951d605ed tomcat-jdbc-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/tomcat-jdbc-8.5.11.jar MD5: 165e44fdbde8611489fbe8fe99e68ba6 SHA1: 4d156969f12963b5f9232e9fe68ab710c3318ad5 SHA256: e00a12173f6ef2015069cf37d214df3a1bcb958e7d6b6c0d76f19a1951d605ed pkg:maven/org.apache.tomcat/tomcat-jdbc@8.5.11 tomcat-juli-8.5.11.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/tomcat-juli-8.5.11.jar MD5: fea6f5dd1fe9cc963af3b291c6e0ac43 SHA1: fa0b261ce002175b65ebb6ae8eb4345cb7e57da3 SHA256: 73373479452945054d110cc6c987898bfa6ad6a20f8709018b94bf888a51705c tools-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tools-1.8.0.jarMD5: d1e9463b86029989ad0e3d09859b931eSHA1: 63eca2ac6ea0d273b8b8ec1469708294889b2d60SHA256: 6c5910dbc5c10213f3ad0b4d5fe14464b2cc9792c252157d4ea1b29d4e5ab46c
Evidence Type Source Name Value Confidence Vendor jar package name sun Low Vendor file name tools High Vendor jar package name tools Low Vendor jar (hint) package name oracle Low Product file name tools High Product jar package name tools Low Version file name tools Medium Version file version 1.8.0 High
Related Dependencies tools-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/tools-1.8.0.jar MD5: d1e9463b86029989ad0e3d09859b931e SHA1: 63eca2ac6ea0d273b8b8ec1469708294889b2d60 SHA256: 6c5910dbc5c10213f3ad0b4d5fe14464b2cc9792c252157d4ea1b29d4e5ab46c tools-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/tools-1.8.0.jar MD5: d1e9463b86029989ad0e3d09859b931e SHA1: 63eca2ac6ea0d273b8b8ec1469708294889b2d60 SHA256: 6c5910dbc5c10213f3ad0b4d5fe14464b2cc9792c252157d4ea1b29d4e5ab46c tools-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/tools-1.8.0.jar MD5: d1e9463b86029989ad0e3d09859b931e SHA1: 63eca2ac6ea0d273b8b8ec1469708294889b2d60 SHA256: 6c5910dbc5c10213f3ad0b4d5fe14464b2cc9792c252157d4ea1b29d4e5ab46c tools-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/tools-1.8.0.jar MD5: d1e9463b86029989ad0e3d09859b931e SHA1: 63eca2ac6ea0d273b8b8ec1469708294889b2d60 SHA256: 6c5910dbc5c10213f3ad0b4d5fe14464b2cc9792c252157d4ea1b29d4e5ab46c tools-1.8.0.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/tools-1.8.0.jar MD5: d1e9463b86029989ad0e3d09859b931e SHA1: 63eca2ac6ea0d273b8b8ec1469708294889b2d60 SHA256: 6c5910dbc5c10213f3ad0b4d5fe14464b2cc9792c252157d4ea1b29d4e5ab46c tools-1.8.0.jar: hat.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tools-1.8.0.jar/com/sun/tools/hat/resources/hat.jsMD5: 5b9bb94cd3d4b0b80c0b8de391f8213cSHA1: 5f4cb38488c11cd2f604358d18a41b6cd591c3afSHA256: 1ccdc8b5ce7cb76170d8d873f5fdf3b4ab64c17110349bd172e49331c0d78564
Evidence Type Source Name Value Confidence
tools-1.8.0.jar: init.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tools-1.8.0.jar/com/sun/tools/script/shell/init.jsMD5: c6da122401fcbff02fe56f8f7837640fSHA1: ae8ba086aaabf38afdc61f9992119b6eb446ef43SHA256: 1100ba8df6f5176db31c1e4413c54437b33b61544df131770b0ba0b2ac6c12cf
Evidence Type Source Name Value Confidence
tools-1.8.0.jar: script.jsFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/tools-1.8.0.jar/com/sun/tools/doclets/internal/toolkit/resources/script.jsMD5: 4a010b8264c9873452f055748133bb29SHA1: 58e5151d49209a2e12b988e84e9a74b781c68a2eSHA256: 506393161b692568f588d68beaecf9ad5d33f147abad909d9cde12918dbce7b7
Evidence Type Source Name Value Confidence
transport-5.2.1.jarDescription:
Elasticsearch subproject :client:transport License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/transport-5.2.1.jar
MD5: f405a3a73484f47b9a33456b08257f5b
SHA1: aa712924b420570be5b846eaeeeee84d326c40ef
SHA256: 3a733799e91f9a1a472c60d0f90d963adf22f8c284b1a146200ca0189751ddb2
Evidence Type Source Name Value Confidence Vendor central groupid org.elasticsearch.client Highest Vendor Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Vendor Manifest build-date 2017-02-09T22:07:18.384Z Low Vendor Manifest module-origin elastic/elasticsearch.git Low Vendor pom artifactid transport Low Vendor pom url elastic/elasticsearch Highest Vendor Manifest built-status integration Low Vendor Manifest change db0d481 Low Vendor file name transport High Vendor Manifest module-source /client/transport Low Vendor jar package name elasticsearch Low Vendor pom groupid elasticsearch.client Highest Vendor jar package name transport Low Vendor jar package name client Low Vendor Manifest built-os Linux Low Vendor Manifest x-compile-elasticsearch-snapshot false Low Vendor pom name transport High Product Manifest branch db0d481864d5eb1aa9756736e118fddb69725168 Low Product jar package name prebuilttransportclient Low Product pom url elastic/elasticsearch High Product central artifactid transport Highest Product Manifest build-date 2017-02-09T22:07:18.384Z Low Product Manifest Implementation-Title org.elasticsearch.client#transport;5.2.1 High Product Manifest module-origin elastic/elasticsearch.git Low Product pom artifactid transport Highest Product jar package name elasticsearch Highest Product Manifest built-status integration Low Product Manifest change db0d481 Low Product file name transport High Product Manifest module-source /client/transport Low Product pom groupid elasticsearch.client Highest Product jar package name transport Highest Product jar package name transport Low Product jar package name client Low Product Manifest built-os Linux Low Product jar package name client Highest Product Manifest x-compile-elasticsearch-snapshot false Low Product pom name transport High Version central version 5.2.1 Highest Version pom version 5.2.1 Highest Version Manifest Implementation-Version 5.2.1 High Version Manifest x-compile-elasticsearch-version 5.2.1 Medium Version file version 5.2.1 High
Related Dependencies transport-netty4-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/transport-netty4-client-5.2.1.jar MD5: b7c61a2f58210e1d42f39bb8035abd8c SHA1: 99ad29e98ec358c632e9308cffe5bba61bd05c6b SHA256: dc8b88196be2c0226133e922c73e8f0571e34dcc2b2fe502640719070fdac3d1 transport-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/transport-5.2.1.jar MD5: f405a3a73484f47b9a33456b08257f5b SHA1: aa712924b420570be5b846eaeeeee84d326c40ef SHA256: 3a733799e91f9a1a472c60d0f90d963adf22f8c284b1a146200ca0189751ddb2 transport-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/transport-5.2.1.jar MD5: f405a3a73484f47b9a33456b08257f5b SHA1: aa712924b420570be5b846eaeeeee84d326c40ef SHA256: 3a733799e91f9a1a472c60d0f90d963adf22f8c284b1a146200ca0189751ddb2 transport-netty3-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/transport-netty3-client-5.2.1.jar MD5: 1e8458321885996a591add1b7be86281 SHA1: 6889e1dc5493995c263ce7537b84eb5f2faf628f SHA256: d6bc4d689bb7283a0d923fc440d3366cd045f732b068df47d0767f448125cd7e transport-netty3-client-5.2.1.jar transport-netty3-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/transport-netty3-client-5.2.1.jar MD5: 1e8458321885996a591add1b7be86281 SHA1: 6889e1dc5493995c263ce7537b84eb5f2faf628f SHA256: d6bc4d689bb7283a0d923fc440d3366cd045f732b068df47d0767f448125cd7e transport-netty4-client-5.2.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/transport-netty4-client-5.2.1.jar MD5: b7c61a2f58210e1d42f39bb8035abd8c SHA1: 99ad29e98ec358c632e9308cffe5bba61bd05c6b SHA256: dc8b88196be2c0226133e922c73e8f0571e34dcc2b2fe502640719070fdac3d1 transport-netty4-client-5.2.1.jar Published Vulnerabilities CVE-2019-7611 suppress
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2019-7614 suppress
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2020-7019 suppress
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. CWE-269 Improper Privilege Management
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.5) Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
uri-template-0.9.jarDescription:
null License:
Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/uri-template-0.9.jar
MD5: f0bfa64e2bbbb4da7d1913f47bcee3d7
SHA1: ab1ad5804d3c7d640f21059085df5be340e97929
SHA256: 5bc99edfa927dcf5f0f7ee9ae440750139d97c8c9b5a23400b497f28adf3edc5
Evidence Type Source Name Value Confidence Vendor central groupid com.github.fge Highest Vendor jar package name uritemplate Low Vendor jar package name github Low Vendor jar package name github Highest Vendor pom url fge/uri-template Highest Vendor jar package name fge Low Vendor pom groupid github.fge Highest Vendor pom artifactid uri-template Low Vendor pom name null High Vendor file name uri-template High Vendor jar package name fge Highest Vendor Manifest bundle-symbolicname com.github.fge.uri-template Medium Product Manifest Bundle-Name uri-template Medium Product jar package name uritemplate Low Product pom url fge/uri-template High Product central artifactid uri-template Highest Product jar package name github Highest Product jar package name fge Low Product pom groupid github.fge Highest Product pom name null High Product file name uri-template High Product pom artifactid uri-template Highest Product jar package name fge Highest Product Manifest bundle-symbolicname com.github.fge.uri-template Medium Version file version 0.9 High Version central version 0.9 Highest Version pom version 0.9 Highest Version Manifest Bundle-Version 0.9 High
validation-api-1.1.0.Final.jarDescription:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Evidence Type Source Name Value Confidence Vendor file name validation-api High Vendor pom groupid javax.validation Highest Vendor jar package name validation Highest Vendor pom artifactid validation-api Low Vendor pom name Bean Validation API High Vendor pom url http://beanvalidation.org Highest Vendor jar package name javax Highest Vendor Manifest bundle-symbolicname javax.validation.api Medium Product file name validation-api High Product pom groupid javax.validation Highest Product pom url http://beanvalidation.org Medium Product Manifest Bundle-Name Bean Validation API Medium Product jar package name validation Highest Product pom name Bean Validation API High Product pom artifactid validation-api Highest Product jar package name javax Highest Product Manifest bundle-symbolicname javax.validation.api Medium Version Manifest Bundle-Version 1.1.0.Final High Version pom version 1.1.0.Final Highest
Related Dependencies validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed validation-api-1.1.0.Final.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/validation-api-1.1.0.Final.jar MD5: 4c257f52462860b62ab3cdab45f53082 SHA1: 8613ae82954779d518631e05daa73a6a954817d5 SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed velocity-1.5.jarDescription:
Apache Velocity is a general purpose template engine. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/velocity-1.5.jar
MD5: 8d46d30a37e1cf2047cdfa73c552e8a9
SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b
SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62
Evidence Type Source Name Value Confidence Vendor jar package name velocity Low Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest extension-name velocity Medium Vendor pom artifactid velocity Low Vendor file name velocity High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom groupid apache.velocity Highest Vendor Manifest specification-vendor Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom groupid velocity Highest Vendor pom name Apache Velocity High Vendor jar package name apache Low Vendor pom url http://velocity.apache.org/engine/releases/velocity-1.5/ Highest Vendor pom organization url http://www.apache.org/ Medium Vendor jar package name velocity Highest Vendor central groupid org.apache.velocity High Vendor jar package name runtime Low Vendor pom organization name The Apache Software Foundation High Vendor central groupid velocity High Product jar package name velocity Low Product Manifest extension-name velocity Medium Product pom organization name The Apache Software Foundation Low Product file name velocity High Product pom groupid apache.velocity Highest Product jar package name apache Highest Product pom groupid velocity Highest Product central artifactid velocity High Product Manifest specification-title Velocity is a Java-based template engine Medium Product Manifest Implementation-Title org.apache.velocity High Product pom name Apache Velocity High Product pom organization url http://www.apache.org/ Low Product pom artifactid velocity Highest Product pom url http://velocity.apache.org/engine/releases/velocity-1.5/ Medium Product jar package name velocity Highest Product jar package name runtime Low Product jar package name template Highest Version Manifest Implementation-Version 1.5 High Version central version 1.5 High Version pom version 1.5 Highest Version file version 1.5 High
Related Dependencies velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 velocity-1.5.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/velocity-1.5.jar MD5: 8d46d30a37e1cf2047cdfa73c552e8a9 SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b SHA256: e06403f9cd69033e523bec43195a2a1b6106e28c5d7d053b569ae771e9e49a62 wagon-provider-api-1.0-beta-6.jarDescription:
Maven Wagon API that defines the contract between different Wagon implementations File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/wagon-provider-api-1.0-beta-6.jarMD5: 63826e38e44f08e7935c1d173667ed8cSHA1: 3f952e0282ae77ae59851d96bb18015e520b6208SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861
Evidence Type Source Name Value Confidence Vendor file name wagon-provider-api High Vendor pom parent-artifactid wagon Low Vendor pom artifactid wagon-provider-api Low Vendor jar package name maven Highest Vendor pom parent-groupid org.apache.maven.wagon Medium Vendor jar package name apache Highest Vendor jar package name wagon Highest Vendor Manifest Implementation-Vendor-Id org.apache.maven.wagon Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid apache.maven.wagon Highest Vendor pom name Maven Wagon API High Vendor Manifest specification-vendor The Apache Software Foundation Low Product file name wagon-provider-api High Product Manifest specification-title Maven Wagon API Medium Product jar package name maven Highest Product pom parent-groupid org.apache.maven.wagon Medium Product Manifest Implementation-Title Maven Wagon API High Product pom groupid apache.maven.wagon Highest Product pom artifactid wagon-provider-api Highest Product pom name Maven Wagon API High Product jar package name apache Highest Product jar package name wagon Highest Product pom parent-artifactid wagon Medium Version pom version 1.0-beta-6 Highest Version Manifest Implementation-Version 1.0-beta-6 High
Related Dependencies wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 wagon-provider-api-1.0-beta-6.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/wagon-provider-api-1.0-beta-6.jar MD5: 63826e38e44f08e7935c1d173667ed8c SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208 SHA256: e116f32edcb77067289a3148143f2c0c97b27cf9a1342f8108ee37dec4868861 xercesImpl-2.8.1.jarDescription:
Xerces2 is the next generation of high performance, fully
compliant XML parsers in the Apache Xerces family. This new
version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and
configurations that is extremely modular and easy to program. File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/xercesImpl-2.8.1.jarMD5: e86f321c8191b37bd720ff5679f57288SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b
Evidence Type Source Name Value Confidence Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid xercesImpl Low Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor file name xercesImpl High Vendor manifest: org/apache/xerces/impl/Version.class Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor jar package name xerces Low Vendor pom name Xerces2 Java Parser High Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium Vendor jar package name apache Highest Vendor pom groupid xerces Highest Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor central groupid xerces Highest Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor jar package name apache Low Vendor pom parent-groupid org.apache Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom parent-artifactid apache Low Vendor pom url http://xerces.apache.org/xerces2-j/ Highest Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium Product manifest: org/apache/xerces/impl/Version.class Implementation-Title org.apache.xerces.impl.Version Medium Product file name xercesImpl High Product jar package name parsers Highest Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium Product jar package name xerces Low Product pom name Xerces2 Java Parser High Product jar package name apache Highest Product pom groupid xerces Highest Product jar package name xerces Highest Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product central artifactid xercesImpl Highest Product jar package name xni Highest Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product jar package name impl Highest Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product pom url http://xerces.apache.org/xerces2-j/ Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium Product jar package name datatype Highest Product jar package name xpath Highest Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product pom parent-artifactid apache Medium Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product jar package name validation Highest Product pom parent-groupid org.apache Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product jar package name dom Highest Product jar package name version Highest Product pom artifactid xercesImpl Highest Product jar package name w3c Highest Product jar package name xml Highest Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Version manifest: org/apache/xerces/impl/Version.class Implementation-Version 2.8.1 Medium Version central version 2.8.1 Highest Version pom version 2.8.1 Highest Version file version 2.8.1 High Version pom parent-version 2.8.1 Low
Related Dependencies xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b xercesImpl-2.8.1.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/xercesImpl-2.8.1.jar MD5: e86f321c8191b37bd720ff5679f57288 SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1 SHA256: f95f3ad141bdff5a64962f6c26b4f18ecf0975cd3a68802712284b9e6db37e1b Published Vulnerabilities CVE-2009-2625 (OSSINDEX) suppress
> A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service.
>
> -- [redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2625) Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:xerces:xercesImpl:2.8.1:*:*:*:*:*:*:* CVE-2012-0881 suppress
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. CWE-399 Resource Management Errors
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
xml-apis-1.4.01.jarDescription:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-mail/target/dependency/xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad
Evidence Type Source Name Value Confidence Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor pom groupid xml-apis Highest Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor jar package name apache Highest Vendor pom name XML Commons External Components XML APIs High Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor central groupid xml-apis Highest Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor pom url http://xml.apache.org/commons/components/external/ Highest Vendor jar package name xml Low Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor pom artifactid xml-apis Low Vendor file name xml-apis High Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Product pom groupid xml-apis Highest Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium Product jar package name xmlcommons Highest Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product jar package name parsers Highest Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product jar package name document Highest Product jar package name apache Highest Product pom name XML Commons External Components XML APIs High Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product jar package name javax Highest Product pom artifactid xml-apis Highest Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product jar package name sax Highest Product jar package name stax Highest Product jar package name datatype Highest Product jar package name xpath Highest Product pom url http://xml.apache.org/commons/components/external/ Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product jar package name ls Highest Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product jar package name namespace Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product jar package name validation Highest Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML (StAX) 1.0 Medium Product jar package name dom Highest Product jar package name version Highest Product jar package name stream Highest Product jar package name w3c Highest Product jar package name xml Highest Product central artifactid xml-apis Highest Product file name xml-apis High Product jar package name transform Highest Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Version manifest: javax/xml/stream/ Implementation-Version 1.4.01 Medium Version central version 1.4.01 Highest Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.4.01 Medium Version pom version 1.4.01 Highest Version manifest: javax/xml/datatype/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/namespace/ Implementation-Version 1.4.01 Medium Version file version 1.4.01 High Version manifest: javax/xml/parsers/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/xpath/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/transform/ Implementation-Version 1.4.01 Medium Version manifest: javax/xml/validation/ Implementation-Version 1.4.01 Medium
Related Dependencies xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-config-center/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-web/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-upload/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-shiro-redis/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-parent/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-sms-http/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-elasticsearch/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-common/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-migration/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xml-apis-1.4.01.jarFile Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-search/target/dependency/xml-apis-1.4.01.jar MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3 SHA256: a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad xmlpull-1.1.3.1.jarLicense:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256: 34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Evidence Type Source Name Value Confidence Vendor central groupid xmlpull Highest Vendor pom url http://www.xmlpull.org Highest Vendor jar package name v1 Low Vendor file name xmlpull High Vendor pom groupid xmlpull Highest Vendor pom artifactid xmlpull Low Vendor pom name XML Pull Parsing API High Vendor jar package name xmlpull Low Product jar package name v1 Low Product central artifactid xmlpull Highest Product file name xmlpull High Product pom artifactid xmlpull Highest Product pom groupid xmlpull Highest Product pom name XML Pull Parsing API High Product pom url http://www.xmlpull.org Medium Version file version 1.1.3.1 High Version central version 1.1.3.1 Highest Version pom version 1.1.3.1 Highest
xpp3_min-1.1.4c.jarDescription:
MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+. License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
SHA256: bfc90e9e32d0eab1f397fb974b5f150a815188382ac41f372a7149d5bc178008
Evidence Type Source Name Value Confidence Vendor jar package name v1 Low Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High Vendor pom organization name Extreme! Lab, Indiana University High Vendor pom organization url http://www.extreme.indiana.edu/ Medium Vendor pom artifactid xpp3_min Low Vendor file name xpp3_min High Vendor central groupid xpp3 Highest Vendor pom groupid xpp3 Highest Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest Vendor jar package name xmlpull Low Product jar package name v1 Low Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High Product pom organization name Extreme! Lab, Indiana University Low Product file name xpp3_min High Product pom groupid xpp3 Highest Product pom organization url http://www.extreme.indiana.edu/ Low Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium Product central artifactid xpp3_min Highest Product pom artifactid xpp3_min Highest Version central version 1.1.4c Highest Version pom version 1.1.4c Highest Version file version 1.1.4c High
xstream-1.4.7.jarDescription:
XStream is a serialization library from Java objects to XML and back. License:
http://xstream.codehaus.org/license.html File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-batch/target/dependency/xstream-1.4.7.jar
MD5: 9d5276eee85637842dcd2095f820e964
SHA1: bce3282142b63068260f021fcbe48b72e8d71a1a
SHA256: 7f8039c0ee7284f9c2a9554b5e2bc20bf26b74b37f690633a75ff1993136f364
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname xstream Medium Vendor jar package name xstream Highest Vendor Manifest Implementation-Vendor XStream High Vendor pom parent-groupid com.thoughtworks.xstream Medium Vendor jar package name thoughtworks Highest Vendor Manifest x-compile-source 1.5 Low Vendor Manifest specification-vendor XStream Low Vendor pom name XStream Core High Vendor jar package name core Highest Vendor Manifest x-build-time 20140208-1150 Low Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium Vendor Manifest x-build-os Linux Low Vendor Manifest x-builder Maven 3.0.5 Low Vendor pom artifactid xstream Low Vendor Manifest x-compile-target 1.5 Low Vendor file name xstream High Vendor Manifest bundle-docurl http://xstream.codehaus.org Low Vendor pom groupid thoughtworks.xstream Highest Vendor pom parent-artifactid xstream-parent Low Product Manifest bundle-symbolicname xstream Medium Product jar package name xstream Highest Product pom parent-artifactid xstream-parent Medium Product pom parent-groupid com.thoughtworks.xstream Medium Product pom artifactid xstream Highest Product Manifest x-compile-source 1.5 Low Product jar package name thoughtworks Highest Product pom name XStream Core High Product jar package name core Highest Product Manifest x-build-time 20140208-1150 Low Product Manifest Implementation-Title XStream Core High Product Manifest x-build-os Linux Low Product Manifest x-builder Maven 3.0.5 Low Product Manifest specification-title XStream Core Medium Product Manifest x-compile-target 1.5 Low Product file name xstream High Product Manifest Bundle-Name XStream Core Medium Product jar package name xml Highest Product Manifest bundle-docurl http://xstream.codehaus.org Low Product pom groupid thoughtworks.xstream Highest Version pom version 1.4.7 Highest Version file version 1.4.7 High Version Manifest Bundle-Version 1.4.7 High Version Manifest Implementation-Version 1.4.7 High
Published Vulnerabilities CVE-2016-3674 suppress
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. CWE-200 Information Exposure
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2017-7957 suppress
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
zuul-core-1.3.0.jarDescription:
zuul-core License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /mnt/sonarshell/projects/udesk-fever-framework_0.0.3/fever-metrics/target/dependency/zuul-core-1.3.0.jar
MD5: 9533c3050e05d4198473925ab8d045a2
SHA1: 3974695eb1c9845a2fc575acfdea2d8d91deba1b
SHA256: 9425cd10eecbc2ad77902f8ddbdfc0f57fa6fd573bc0a8f8e2114a05ed67c848
Evidence Type Source Name Value Confidence Vendor Manifest change 56ba3ec Low Vendor central groupid com.netflix.zuul Highest Vendor Manifest branch 1.x Low Vendor Manifest build-job NetflixOSS/zuul/zuul-1.x-release Low Vendor Manifest module-origin Netflix/zuul.git Low Vendor pom groupid netflix.zuul Highest Vendor pom artifactid zuul-core Low Vendor Manifest build-number 22 Low Vendor Manifest built-status integration Low Vendor jar package name zuul Low Vendor jar package name netflix Low Vendor Manifest build-date 2016-09-09_11:38:17 Low Vendor Manifest module-email netflixoss@netflix.com Low Vendor pom url Netflix/zuul Highest Vendor file name zuul-core High Vendor Manifest build-host https://netflixoss.ci.cloudbees.com/ Low Vendor Manifest built-os Linux Low Vendor pom name zuul-core High Vendor Manifest module-source /zuul-core Low Vendor Manifest module-owner netflixoss@netflix.com Low Product central artifactid zuul-core Highest Product Manifest change 56ba3ec Low Product pom url Netflix/zuul High Product Manifest branch 1.x Low Product Manifest build-job NetflixOSS/zuul/zuul-1.x-release Low Product Manifest module-origin Netflix/zuul.git Low Product pom groupid netflix.zuul Highest Product jar package name zuul Highest Product Manifest build-number 22 Low Product Manifest Implementation-Title com.netflix.zuul#zuul-core;1.3.0 High Product Manifest built-status integration Low Product jar package name zuul Low Product pom artifactid zuul-core Highest Product Manifest build-date 2016-09-09_11:38:17 Low Product Manifest module-email netflixoss@netflix.com Low Product file name zuul-core High Product jar package name netflix Highest Product Manifest build-host https://netflixoss.ci.cloudbees.com/ Low Product Manifest built-os Linux Low Product pom name zuul-core High Product Manifest module-source /zuul-core Low Product Manifest module-owner netflixoss@netflix.com Low Version central version 1.3.0 Highest Version pom version 1.3.0 Highest Version file version 1.3.0 High Version Manifest Implementation-Version 1.3.0 High